Malware Analysis Report

2024-10-19 02:14

Sample ID 231230-cryejsdce2
Target 0b6b2968e8f090b22bc47abab70c4dd0
SHA256 cf8a60b5e39660a02d37d4d5f1d28e392427c1da05142d4a651cd1c267d07cc1
Tags smokeloader vidar zgrat 706 pub6 backdoor rat stealer themida trojan nullmixer privateloader risepro aspackv2 dropper loader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

cf8a60b5e39660a02d37d4d5f1d28e392427c1da05142d4a651cd1c267d07cc1

Threat Level: Known bad

The file 0b6b2968e8f090b22bc47abab70c4dd0 was found to be: Known bad.

Malicious Activity Summary

smokeloader vidar zgrat 706 pub6 backdoor rat stealer themida trojan nullmixer privateloader risepro aspackv2 dropper loader

ZGRat

SmokeLoader

Detect ZGRat V1

RisePro

NullMixer

Vidar

PrivateLoader

Vidar Stealer

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

Themida packer

Checks computer location settings

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-30 02:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-30 02:19

Reported

2023-12-31 08:49

Platform

win7-20231129-en

Max time kernel

0s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe"

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

ZGRat

rat zgrat

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.db-ip.com N/A N/A
N/A api.db-ip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe

"C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\20383e5a9a4c5112.exe

20383e5a9a4c5112.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\b001a8f56.exe

b001a8f56.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\e9e6055abb695524.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC7752636\e9e6055abb695524.exe" -a

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\27ce46284501.exe

27ce46284501.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\79d822fc709e78.exe

79d822fc709e78.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\f9a302645.exe

f9a302645.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\e9e6055abb695524.exe

e9e6055abb695524.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\3d0c613fcb2403.exe

3d0c613fcb2403.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\2d7080268fee447.exe

2d7080268fee447.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 416

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c b001a8f56.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c f9a302645.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 27ce46284501.exe

C:\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 956

Network

Country Destination Domain Proto
US 8.8.8.8:53 marisana.xyz udp
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 live.goatgame.live udp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 lenak513.tumblr.com udp
US 74.114.154.18:443 lenak513.tumblr.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 music-sec.xyz udp
US 8.8.8.8:53 www.microsoft.com udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 db-ip.com udp
US 172.67.75.166:443 db-ip.com tcp
US 8.8.8.8:53 api.db-ip.com udp
US 172.67.75.166:443 api.db-ip.com tcp
US 8.8.8.8:53 www.maxmind.com udp
US 104.18.146.235:80 www.maxmind.com tcp
NL 37.0.8.235:80 N/A tcp
US 8.8.8.8:53 iplogger.org udp
US 172.67.132.113:443 iplogger.org tcp
US 8.8.8.8:53 aucmoney.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 3.20.137.44:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 thegymmum.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 atvcampingtrips.com udp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 kuapakualaman.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 renatazarazua.com udp
US 8.8.8.8:53 nasufmutlu.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 172.67.132.113:443 iplogger.org tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 37.0.11.8:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 8.8.8.8:53 wfsdragon.ru udp
US 172.67.133.215:80 wfsdragon.ru tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
RU 185.230.143.16:32115 N/A tcp
US 3.20.137.44:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp

Files

memory/2796-44-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2796-51-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2796-53-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2796-55-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2796-59-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-63-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/1152-117-0x0000000000B70000-0x0000000000B9E000-memory.dmp

memory/1152-129-0x0000000000240000-0x0000000000246000-memory.dmp

memory/1152-131-0x0000000000250000-0x0000000000272000-memory.dmp

memory/2960-132-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

memory/2152-134-0x0000000001210000-0x0000000001A36000-memory.dmp

memory/2152-136-0x0000000001A40000-0x0000000002266000-memory.dmp

memory/2152-140-0x0000000077E60000-0x0000000077E62000-memory.dmp

memory/2336-139-0x0000000000250000-0x0000000000259000-memory.dmp

memory/2336-138-0x0000000003430000-0x0000000003530000-memory.dmp

memory/2152-137-0x0000000001A40000-0x0000000002266000-memory.dmp

memory/2152-135-0x0000000001210000-0x0000000001A36000-memory.dmp

memory/1152-133-0x0000000000270000-0x0000000000276000-memory.dmp

memory/1152-130-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

memory/2336-141-0x0000000000400000-0x00000000032F8000-memory.dmp

memory/1240-143-0x0000000003350000-0x00000000033ED000-memory.dmp

memory/1240-142-0x00000000034B0000-0x00000000035B0000-memory.dmp

memory/2960-111-0x0000000000A10000-0x0000000000A18000-memory.dmp

memory/1240-144-0x0000000000400000-0x000000000334B000-memory.dmp

memory/1152-147-0x000000001AE70000-0x000000001AEF0000-memory.dmp

memory/2960-146-0x000000001AC20000-0x000000001ACA0000-memory.dmp

memory/1964-145-0x0000000002A70000-0x0000000003296000-memory.dmp

memory/2796-62-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/2796-61-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/2796-60-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-58-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-57-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-56-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-54-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2796-52-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2796-50-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-43-0x000000006B280000-0x000000006B2A6000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe

MD5 5bda86c200ce3cb2d69c723a5e33ee7f
SHA1 3ae6b41ddd271eae3225285844afba2a67f6664a
SHA256 74db2527f5f87d5916b041b6a45fb9b0f650c756f13f295344c9c1e6778b6d27
SHA512 7485c29cef947a0b16b6b58a524f3e656e73215bfe225c980616669f7d5690d1b8fa193efd61c374304d0eff85fcea7aef7352b7d9c08953dc8e11507a0a8148

\Users\Admin\AppData\Local\Temp\7zSC7752636\setup_install.exe

MD5 a752dbb95598b6270756534e5a489792
SHA1 a1a40379c178af37c2f6985dfc6ca79d71ff8ee1
SHA256 67807ab0b40497b17fd753c3d2f9623bd4bfea3148510b2ccb768d08f8a73193
SHA512 f75d5e13d850ac15e371c518efe1066e624cdef6a3e4dffc0d61dcda5270942942f7a4e5664ee7298142b4535df56a1c527661f65531c6dd9a3b33c4e90307a9

memory/1248-158-0x0000000002F00000-0x0000000002F16000-memory.dmp

memory/2336-159-0x0000000000400000-0x00000000032F8000-memory.dmp

memory/2796-268-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2796-267-0x000000006EB40000-0x000000006EB63000-memory.dmp

memory/2796-266-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2796-265-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/2796-264-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2796-263-0x0000000000400000-0x0000000000C7F000-memory.dmp

memory/1240-269-0x0000000000400000-0x000000000334B000-memory.dmp

memory/1152-282-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

memory/2960-283-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

memory/2152-303-0x0000000001A40000-0x0000000002266000-memory.dmp

memory/1240-304-0x00000000034B0000-0x00000000035B0000-memory.dmp

memory/2152-302-0x0000000001210000-0x0000000001A36000-memory.dmp

memory/1152-307-0x000000001AE70000-0x000000001AEF0000-memory.dmp

memory/2960-306-0x000000001AC20000-0x000000001ACA0000-memory.dmp

memory/1964-305-0x0000000002A70000-0x0000000003296000-memory.dmp

memory/1152-377-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-30 02:19

Reported

2023-12-31 08:49

Platform

win10v2004-20231215-en

Max time kernel

1s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe"

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

NullMixer

dropper nullmixer

PrivateLoader

loader privateloader

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

ZGRat

rat zgrat

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup_installer.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe

"C:\Users\Admin\AppData\Local\Temp\0b6b2968e8f090b22bc47abab70c4dd0.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\79d822fc709e78.exe

79d822fc709e78.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\27ce46284501.exe

27ce46284501.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\b001a8f56.exe

b001a8f56.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2196 -ip 2196

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\e9e6055abb695524.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\e9e6055abb695524.exe" -a

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 552

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\2d7080268fee447.exe

2d7080268fee447.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\f9a302645.exe

f9a302645.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\3d0c613fcb2403.exe

3d0c613fcb2403.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\e9e6055abb695524.exe

e9e6055abb695524.exe

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\20383e5a9a4c5112.exe

20383e5a9a4c5112.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c b001a8f56.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c f9a302645.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 27ce46284501.exe

C:\Windows\system32\WerFaultSecure.exe

"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4940 -i 4940 -h 504 -j 508 -s 520 -d 4364

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 4.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 marisana.xyz udp
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 s.lletlee.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 music-sec.xyz udp
NL 37.0.8.235:80 N/A tcp
US 8.8.8.8:53 iplogger.org udp
US 104.21.4.208:443 iplogger.org tcp
US 8.8.8.8:53 live.goatgame.live udp
US 8.8.8.8:53 208.4.21.104.in-addr.arpa udp
US 104.21.4.208:443 iplogger.org tcp
RU 185.230.143.16:32115 N/A tcp
US 8.8.8.8:53 lenak513.tumblr.com udp
US 74.114.154.18:443 lenak513.tumblr.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 18.154.114.74.in-addr.arpa udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
NL 37.0.11.8:80 N/A tcp
US 8.8.8.8:53 s.lletlee.com udp
RU 185.230.143.16:32115 N/A tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 wfsdragon.ru udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 104.21.5.208:80 wfsdragon.ru tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 s.lletlee.com udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
NL 212.193.30.115:80 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
RU 185.230.143.16:32115 N/A tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp
US 3.141.96.53:443 live.goatgame.live tcp

Files

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 626f9d0d6499c9e1016ec4245fdbfee4
SHA1 c45e1ae57da311a76f1dd0e1cfe6b3e27e5dc9db
SHA256 2612ca965f952e5ac4d1237e5abb6f59fe7271a6f269390040fef18ad3ecf68d
SHA512 20b7f9fa8119ba2f222257cbe7a609c38dba06b3ba428c5a4d2613504a12dde9861d7a41fe876098060f378290a1f403f4e4828daa09def215dc03cf361468d5

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 e66948ebeb735a7c04f31d7c15c52218
SHA1 4f9303fb1f681c5ca43c3c528555c5aa0ee3776b
SHA256 1a218c13da3233bc4fe428496f708c41b0e4a324a142d06a0892b401ad778f74
SHA512 868675c16a843bd5d5951d21af5db3835a99fde040af287a9c8f171ed5507a4c15d5408511ab8a8dbcee4cd09a5343e9d8ff3ebce1dd9789a335e2434079100c

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

MD5 027a4c327eb70a6d215ac25ad2db2190
SHA1 bca81908c676bba1f5d1ae8275dc2e2c2e1e2d7f
SHA256 7e237e4568b58a061a8c1a1f22f32fa449d856c8904502c59c834bda39bec9f6
SHA512 c869bfa136a45974e958fd89cdc59789e6a59b67f29f2c9d851487e01276eb9559f1385417439b870447286aeaa3a10c38fec00cb2624ff6a3c4e4fc71cd7ffc

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe

MD5 86b49d73977a0c16444827b7e707a04f
SHA1 3e346786cbb339548eb7c7688bb0716d8353f291
SHA256 3ccd8d12972f120f4fce32210dd6afe793536bef049bfece303851d457540827
SHA512 7de58669a50e5bc1eb41ec1aebe229adbf3aedd37434cb22f4bc34488ef39dae89ffe3b138a1d051cd7c9f4366458e8e8632f48494a8c70583a1b168696a1996

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\setup_install.exe

MD5 e34a32d947191b4349114f21025d9a6b
SHA1 a1a3484c1b893126a0b8de6340bf28c18fd0e953
SHA256 ebec2c8424f0f8490551e81162a364e7b395e32a3705b1d18ddbf46c195d1105
SHA512 872d9e6d9fdb67099b852dfd2168bf3476f50e2186dac2d053d8d853a65694fd5f0f587cb3ca7766254321f8d4588409e565b974c772fb5b7b99ec6a94e78649

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libwinpthread-1.dll

MD5 1e0d62c34ff2e649ebc5c372065732ee
SHA1 fcfaa36ba456159b26140a43e80fbd7e9d9af2de
SHA256 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
SHA512 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

memory/2196-43-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2196-46-0x0000000001610000-0x000000000169F000-memory.dmp

memory/2196-45-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2196-51-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2196-55-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/3552-100-0x0000000002850000-0x0000000002856000-memory.dmp

memory/2728-101-0x00000000009C0000-0x00000000011E6000-memory.dmp

memory/2728-103-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/3552-104-0x0000000002860000-0x0000000002882000-memory.dmp

memory/2728-106-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/2728-109-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/3552-110-0x0000000002880000-0x0000000002886000-memory.dmp

memory/2728-112-0x00000000009C0000-0x00000000011E6000-memory.dmp

memory/2728-113-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/2728-118-0x0000000005AB0000-0x0000000005AC2000-memory.dmp

memory/2728-119-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/2728-120-0x0000000005B10000-0x0000000005B4C000-memory.dmp

memory/3548-123-0x0000000003420000-0x00000000034BD000-memory.dmp

memory/1180-124-0x0000000003560000-0x0000000003660000-memory.dmp

memory/3552-122-0x000000001B3E0000-0x000000001B3F0000-memory.dmp

memory/2728-125-0x0000000005B50000-0x0000000005B9C000-memory.dmp

memory/2728-121-0x00000000771C4000-0x00000000771C6000-memory.dmp

memory/2728-117-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/2728-115-0x00000000062B0000-0x00000000068C8000-memory.dmp

memory/1180-126-0x0000000000400000-0x00000000032F8000-memory.dmp

memory/4536-114-0x00007FFD90940000-0x00007FFD91401000-memory.dmp

memory/3548-127-0x0000000003540000-0x0000000003640000-memory.dmp

memory/2728-111-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/2728-108-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/4536-102-0x000000001B570000-0x000000001B580000-memory.dmp

memory/4536-88-0x00000000008F0000-0x00000000008F8000-memory.dmp

memory/3552-91-0x00007FFD90940000-0x00007FFD91401000-memory.dmp

memory/3552-83-0x00000000007D0000-0x00000000007FE000-memory.dmp

memory/1180-133-0x00000000001C0000-0x00000000001C9000-memory.dmp

memory/2196-136-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2196-135-0x000000006EB40000-0x000000006EB63000-memory.dmp

memory/3552-138-0x00007FFD90940000-0x00007FFD91401000-memory.dmp

memory/2196-132-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/2196-134-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2196-131-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2196-130-0x0000000000400000-0x0000000000C7F000-memory.dmp

memory/2728-128-0x0000000005DA0000-0x0000000005EAA000-memory.dmp

memory/3548-129-0x0000000000400000-0x000000000334B000-memory.dmp

memory/2196-54-0x000000006B280000-0x000000006B2A6000-memory.dmp

memory/2196-53-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2196-52-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2196-50-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2196-49-0x0000000064940000-0x0000000064959000-memory.dmp

memory/2196-48-0x000000006FE40000-0x000000006FFC6000-memory.dmp

memory/2196-47-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2196-44-0x000000006B440000-0x000000006B4CF000-memory.dmp

memory/2196-42-0x000000006B280000-0x000000006B2A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libgcc_s_dw2-1.dll

MD5 51b67160269ef5a1e6c0ab2ed6426ef6
SHA1 5b958a2c248a7f83110b50aa097b43db9ed8e26d
SHA256 21ebbc581c060da3ed032643250b13fede7d593b99783aef44b6b5f554a45511
SHA512 10a6cc16cfb098e3cb32f0d96311f33dc9a1ac46155170b8f5eada41a36cbfa6fe6b00ff65211eda18b3965d86d127407f1cf4ad84f816b34b2345c496bb738e

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libcurl.dll

MD5 d09be1f47fd6b827c81a4812b4f7296f
SHA1 028ae3596c0790e6d7f9f2f3c8e9591527d267f7
SHA256 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e
SHA512 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

C:\Users\Admin\AppData\Local\Temp\7zS0B74ED07\libcurlpp.dll

MD5 e6e578373c2e416289a8da55f1dc5e8e
SHA1 b601a229b66ec3d19c2369b36216c6f6eb1c063e
SHA256 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f
SHA512 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

memory/2728-140-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/4536-139-0x000000001B570000-0x000000001B580000-memory.dmp

memory/2728-146-0x0000000076F40000-0x0000000077030000-memory.dmp

memory/2728-145-0x0000000076F40000-0x0000000077030000-memory.dmp