Malware Analysis Report

2024-10-19 02:14

Sample ID 231230-k397gsfaek
Target 141f2f0295414b069c74a1be852a05f1
SHA256 186992db0748857e13271f18b519fbf2b6f016bd8d81c3ee952786de798a6dad
Tags
cryptbot nullmixer privateloader redline sectoprat smokeloader vidar 706 pub5 test1 aspackv2 backdoor dropper infostealer loader rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

186992db0748857e13271f18b519fbf2b6f016bd8d81c3ee952786de798a6dad

Threat Level: Known bad

The file 141f2f0295414b069c74a1be852a05f1 was found to be: Known bad.

Malicious Activity Summary

cryptbot nullmixer privateloader redline sectoprat smokeloader vidar 706 pub5 test1 aspackv2 backdoor dropper infostealer loader rat spyware stealer trojan

SectopRAT

SectopRAT payload

SmokeLoader

Vidar

CryptBot

CryptBot payload

PrivateLoader

RedLine

NullMixer

RedLine payload

Vidar Stealer

ASPack v2.12-2.42

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Program crash

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-30 09:08

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-12-30 09:08

Reported

2023-12-31 09:48

Platform

win7-20231215-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-30 09:08

Reported

2023-12-31 09:47

Platform

win10v2004-20231215-en

Max time kernel

0s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\141f2f0295414b069c74a1be852a05f1.exe"

Signatures

CryptBot

spyware stealer cryptbot

CryptBot payload


NullMixer

dropper nullmixer

PrivateLoader

loader privateloader

RedLine

infostealer redline

RedLine payload


SectopRAT

trojan rat sectoprat

SectopRAT payload


SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

Vidar Stealer

stealer

ASPack v2.12-2.42

aspackv2

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\141f2f0295414b069c74a1be852a05f1.exe

"C:\Users\Admin\AppData\Local\Temp\141f2f0295414b069c74a1be852a05f1.exe"

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun02bc50fece462.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun02c9fa9e893321.exe

Sun02c9fa9e893321.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4324 -ip 4324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4776 -ip 4776

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 832

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun029ff1fd15d.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun029ff1fd15d.exe" -a

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4324 -ip 4324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 840

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4324 -ip 4324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4324 -ip 4324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 884

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4324 -ip 4324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4324 -ip 4324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 1140

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 372

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2908 -ip 2908

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4324 -ip 4324

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun0210eeb3a99d13d.exe

Sun0210eeb3a99d13d.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun02bc50fece462.exe

Sun02bc50fece462.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun02c15b5925e78ff89.exe

Sun02c15b5925e78ff89.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun024d1be6a47f.exe

Sun024d1be6a47f.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun022cfb29d4270.exe

Sun022cfb29d4270.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun029ff1fd15d.exe

Sun029ff1fd15d.exe

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\Sun027a93f82bc2f.exe

Sun027a93f82bc2f.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun022cfb29d4270.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun02c15b5925e78ff89.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun024d1be6a47f.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun027a93f82bc2f.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun0210eeb3a99d13d.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun02c9fa9e893321.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Sun029ff1fd15d.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC5ACC877\setup_install.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

Network


Files
