r77 | a0ee5664312e247585b9b1ec5744c18380a5bb8cb56e044084d52e330002ee56

Analysis

max time kernel
150s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

156a71da2a68110469c383da6c39c616.exe
Size

5.6MB
MD5

156a71da2a68110469c383da6c39c616
SHA1

912915419f719f8de18aa486737cfb8ad3b02ff9
SHA256

a0ee5664312e247585b9b1ec5744c18380a5bb8cb56e044084d52e330002ee56
SHA512

802d7cb717e2917de634048448fc4397b8e41a52a6d9929633dff7974e740fe6d4c50ca06b044155248bdd4ac6e634cc968fbda60ae9eb504fb0b268acb42a9c
SSDEEP

98304:npTr9Ki6iH0eOZI39nQLB3L+mQ6QgLYIyM7aam+4Q3sclQ1+g5u:ph6m0eF9nQl3L+mQ6Q/te4Q3scRgE

Score

10^/10

r77 zgrat rat rootkit

Malware Config

Signatures

Detect ZGRat V1 36 IoCs

resource	yara_rule
behavioral1/memory/2320-7-0x0000000000320000-0x0000000000388000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-8-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-11-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-9-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-13-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-15-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-21-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-31-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-35-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-33-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-37-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-39-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-29-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-27-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-41-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-25-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-45-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-51-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-53-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-57-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-67-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-71-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-69-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-65-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-63-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-61-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-59-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-55-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-49-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-47-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-43-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-23-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-19-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/2320-17-0x0000000000320000-0x0000000000383000-memory.dmp	family_zgrat_v1
behavioral1/memory/380-2006-0x00000000051B0000-0x000000000520C000-memory.dmp	family_zgrat_v1
behavioral1/memory/320-3078-0x0000000002670000-0x00000000026D8000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
r77
r77 is an open-source, userland rootkit.
rootkit r77

r77 rootkit payload 8 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
behavioral1/files/0x0004000000004ed7-1952.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1986.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1985.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1990.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1989.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1992.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1991.dat	r77_payload
behavioral1/files/0x0004000000004ed7-1993.dat	r77_payload

Executes dropped EXE 5 IoCs

pid	Process
1092	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
380	MicrosoftSecurity.exe
320	WindowUpdate.exe
1308	Process not Found
2960	InstallUtil.exe

Loads dropped DLL 10 IoCs

pid	Process
2632	156a71da2a68110469c383da6c39c616.exe
2632	156a71da2a68110469c383da6c39c616.exe
2632	156a71da2a68110469c383da6c39c616.exe
1308	Process not Found
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
380	MicrosoftSecurity.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2960	InstallUtil.exe
2960	InstallUtil.exe
2960	InstallUtil.exe
2960	InstallUtil.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2320 set thread context of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 380 set thread context of 2960	380	MicrosoftSecurity.exe	38

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2320	156a71da2a68110469c383da6c39c616.exe
1092	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
380	MicrosoftSecurity.exe
380	MicrosoftSecurity.exe
1552	powershell.exe
2468	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	156a71da2a68110469c383da6c39c616.exe
Token: SeDebugPrivilege	1092	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
Token: SeDebugPrivilege	380	MicrosoftSecurity.exe
Token: SeDebugPrivilege	1552	powershell.exe
Token: SeDebugPrivilege	2468	powershell.exe
Token: SeDebugPrivilege	2960	InstallUtil.exe
Token: SeShutdownPrivilege	2960	InstallUtil.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2960	InstallUtil.exe
2960	InstallUtil.exe

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2320 wrote to memory of 2632	2320	156a71da2a68110469c383da6c39c616.exe	30
PID 2632 wrote to memory of 1092	2632	156a71da2a68110469c383da6c39c616.exe	31
PID 2632 wrote to memory of 1092	2632	156a71da2a68110469c383da6c39c616.exe	31
PID 2632 wrote to memory of 1092	2632	156a71da2a68110469c383da6c39c616.exe	31
PID 2632 wrote to memory of 1092	2632	156a71da2a68110469c383da6c39c616.exe	31
PID 2632 wrote to memory of 380	2632	156a71da2a68110469c383da6c39c616.exe	32
PID 2632 wrote to memory of 380	2632	156a71da2a68110469c383da6c39c616.exe	32
PID 2632 wrote to memory of 380	2632	156a71da2a68110469c383da6c39c616.exe	32
PID 2632 wrote to memory of 380	2632	156a71da2a68110469c383da6c39c616.exe	32
PID 2632 wrote to memory of 320	2632	156a71da2a68110469c383da6c39c616.exe	33
PID 2632 wrote to memory of 320	2632	156a71da2a68110469c383da6c39c616.exe	33
PID 2632 wrote to memory of 320	2632	156a71da2a68110469c383da6c39c616.exe	33
PID 2632 wrote to memory of 320	2632	156a71da2a68110469c383da6c39c616.exe	33
PID 1092 wrote to memory of 2240	1092	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe	34
PID 1092 wrote to memory of 2240	1092	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe	34
PID 1092 wrote to memory of 2240	1092	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe	34
PID 380 wrote to memory of 848	380	MicrosoftSecurity.exe	35
PID 380 wrote to memory of 848	380	MicrosoftSecurity.exe	35
PID 380 wrote to memory of 848	380	MicrosoftSecurity.exe	35
PID 380 wrote to memory of 848	380	MicrosoftSecurity.exe	35
PID 380 wrote to memory of 2468	380	MicrosoftSecurity.exe	36
PID 380 wrote to memory of 2468	380	MicrosoftSecurity.exe	36
PID 380 wrote to memory of 2468	380	MicrosoftSecurity.exe	36
PID 380 wrote to memory of 2468	380	MicrosoftSecurity.exe	36
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 848 wrote to memory of 1552	848	WScript.exe	40
PID 848 wrote to memory of 1552	848	WScript.exe	40
PID 848 wrote to memory of 1552	848	WScript.exe	40
PID 848 wrote to memory of 1552	848	WScript.exe	40
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38
PID 380 wrote to memory of 2960	380	MicrosoftSecurity.exe	38

C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
"C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
  C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1092
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1092 -s 832
      4⤵
      Loads dropped DLL
      PID:2240
- - C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe
    "C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:380
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Dwwmxwalgiapyrviflxpx.vbs"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:848
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicrosoftSecurity\MicrosoftSecurity.exe'
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1552
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Sleep -s 5; Remove-Item -Path "C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe" -Force
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      4⤵
      Executes dropped EXE
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2960
- - C:\Users\Admin\AppData\Roaming\WindowUpdate.exe
    "C:\Users\Admin\AppData\Roaming\WindowUpdate.exe"
    3⤵
    - Executes dropped EXE
    PID:320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_Dwwmxwalgiapyrviflxpx.vbs

Filesize
203B

MD5
41ba08c2482349cca240dab7a700c99b

SHA1
7092954d24879f12a4af640b5e4751a61b85875d

SHA256
a3d7b48a1ce8ce3d2a205c5f1a25a84e07d114a747e181e33c17ab3e28cd690b

SHA512
d3dc824461f5927ca33487ad6341fb70899c3335ae0a7de098b346d65ec0fc9873f1853e1fe99e4a499e5904f50ba9ab91186fbf59f9c9433f36affee0aef6b7

Download Submit
C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe

Filesize
857KB

MD5
55f22f5d6412d74430b50d7c91d737e9

SHA1
967ea91de61913c5120c5b5f19d9804a2bb2d7f1

SHA256
d2bcbd09583ffd4f88189b469f0a191bb9785daf9682e06a42ff9ec37f4efdb6

SHA512
03350722cb883d8d8d625014f75e2104a24ccf12090ce52bceac97249971f7b18cf6183ddcaab9a5d48834f4cdee82a69c389f9dac77e6a36b36a14a39598071

Download Submit
C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe

Filesize
854KB

MD5
c601e0d372acf9c555d9d89fe82c933c

SHA1
4ebbca8eb3166f283c1d05616a3f9511116493a2

SHA256
3c1939ab23c46ffd2dc44b1d7bb8548de2a19513fb6b8b91902901f57d7a9217

SHA512
f8d3365fe73644601a2d6eccafd498aa3b2445e1a6a9637e4919d60f43d700982412c4bbcfc464aa968a9f1580726973c8f647c98a69fb7080dc6b641dbc1274

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
7KB

MD5
1e39747ee809cfca2a701dd3d8e039ee

SHA1
fdf2b6d673b13d6426bdad5600af620646d6a812

SHA256
907779370026900f17714b22dfac8773bb1b816c34f85dddf0c71f88441c872e

SHA512
907282b89343176eee65d6e5057f9052753b923bf32cf6d684259b5dd8e89d7c55bb5a759ca25f939edb406516765d81e11faf2fffd17a1d031da600b496045e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicrosoftSecurity\MicrosoftSecurity.exe

Filesize
2.2MB

MD5
1d35b9109ff73c9c21dc58f7ad9c44dd

SHA1
702b0b9158b8d253e5c0ac913c254d8eaedd0c95

SHA256
f2b718b50c7f309c3084782ccad7f599097ac66e01b86ee58dc4c20f6138a164

SHA512
d6d006894e88cf183f173bddc0d896029105dd84c51bdebf07cdacda9f96d7173873c4bce6bcdc811b93fd090b1bbd9c895fc01eb382d46937ed4e52744abe73

Download Submit
C:\Users\Admin\AppData\Roaming\WindowUpdate.exe

Filesize
884KB

MD5
bc372f1a5942922da7158c0090f99a53

SHA1
bf4eb4e13286668deff7e00aedef17ff3bc76958

SHA256
9ba5cb9ed4f90cf89ea546ca488bbd10539a0b0acaa7313289ac533f4a5df93e

SHA512
0a04710de5246d85b2113a5b96ae85cc0dba5579841c845722fb673b1a8162289fa8ed352accd05a9c0ed6191372e95bae36cecdceb95387de66cb44dd1169a6

Download Submit
C:\Users\Admin\AppData\Roaming\WindowUpdate.exe

Filesize
1013KB

MD5
d904f05a09f30058a7f0422a961571ad

SHA1
e3a9dc53087ecfaeffb31c5d61bc1897ab4100d5

SHA256
aa979d76e70550e06e1e166230ca73ead7de9a45ae496a435a7bac21fa674bce

SHA512
6468af5c5ef9c8df420fc61eb3305fc3a37191f2d1460012757cf5116f94d5e3295318dc17c7f25c58ea273037765080decc04c3f378639af5a11a4f189a7893

Download Submit
\Users\Admin\AppData\Local\Temp\InstallUtil.exe

Filesize
40KB

MD5
91c9ae9c9a17a9db5e08b120e668c74c

SHA1
50770954c1ceb0bb6f1d5d3f2de2a0a065773723

SHA256
e56a7e5d3ab9675555e2897fc3faa2dd9265008a4967a7d54030ab8184d2d38f

SHA512
ca504af192e3318359d4742a2ef26ae1b5d040a4f9942782e02549a310158d5d5dbf919b4c748c31ee609d2046bd23ee0c22712891c86ae4a1e3a58c6e67647e

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
1.3MB

MD5
17397e278f2c4c7f0182fca6fa806b5e

SHA1
ebdfd87194d31dfe6f89b93d7043deff94bc907c

SHA256
701334e05e5acbb580abeec4a6f83a32ed431476b50e95b3549b93e21af902b1

SHA512
caeaab922e447c197809c7242e876e3eb2f196dfe5bbcd2d687b340eec221c06c7fe6cfffd80df37fac2662326611810b58b56e556ecd61244677143636d7d39

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
480KB

MD5
137ab5486790546c6de20c704634d114

SHA1
ab40737d7ae56c37d87dfd4b3a14d879ba5d6e08

SHA256
83bc1fa580c369ea31327919feea39ce7a3d0c263cf3673e42c3e80e58d894ce

SHA512
d93eba0290a9bc1d0760ddabd751aae232745236a8d266f064be78a21233fcaf6a4174c724aca253f21dc65ee0f8ad784cf275b0eeeab5443ae9b49af2308b6f

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
475KB

MD5
7528fe96721c1e1918bc2542bce1b1fd

SHA1
691632e58b87b6a55dbec60b9eb41b127da2d33e

SHA256
78b81d416f080300c4a6c11ea244d89e6fa3b6cb09c690c0e515f98a768c37c6

SHA512
941cccd542957a18c7adf72793270570e1ea69218b75ddd889f1744b98ca0401175ef602d1ede3fdf7265cb066cd7fee32ee3d0e3025a2c82971c89912dfd2be

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
163KB

MD5
0e9ded0bd9ee908e594ff564bd47c902

SHA1
8bfd416aef8ad81046c372cc8735567eecb4138c

SHA256
6d304cb9d775328739bbb769573e4f6e639f19306d5b4935afe29059b5d33a36

SHA512
2f8daa0302725ce4213a1ef84fed5dfea5742688f33d3bcfa0202b8b896bf29e8219836755a33b2234dc6c3299a963d7c908fc3d5330be8032d1f6c0da7008b8

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
277KB

MD5
7a3783ff83d1854bc0972c11013ad1d5

SHA1
e23cebf3fd356e88584d612b4f046deddafcf4fb

SHA256
bbbd50f1d63b42e4afc2f47fba768e7c72277db068e06a979a0e0220dd8bf35d

SHA512
c14e070338a9be9bacec2b298776f683c1d9c2d228a995d6d4c3d3694768ca71f114cfb91222c3b58bf74de9eb757acee6ee401927a4fbc3a23d53ed8d4dfc74

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
312KB

MD5
f27f790034c560bc00865067132e7a14

SHA1
685299d251f9dc50e262894739a93b15d7a2c1c7

SHA256
b0338036ea4832c473b4b2a5d34a2ab80bdd2585f7660526dc54051dcd100d0f

SHA512
140e4a12449f3c95d01d415ff5c41eaa734e2ed7f3178ca021eb9810a7a3d6ed5a42e279c9915793314fb0de3b72cb76926863299b068f8aebbdaa2ca22a3860

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
523KB

MD5
ad8ab92bc0632057cb703d4ab9cb8d88

SHA1
557e436c379828df88f93233ff5d7d426cc6dfe2

SHA256
0755bcb438c660df8fe59c651052b861b1d3d8956cca1dadd61933e269c40459

SHA512
9c65c8503ddafee07e7f7b8278b371d9835224603061248517f39a98fbb4dc1947df4b53c66df59171702004c619f026e980b9e82446c620c9f87a36827d28ad

Download Submit
\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
209KB

MD5
304c50af0fd9e12f931e92f99107970c

SHA1
b3c90f6f193531b21da59e69bc14518d6140545e

SHA256
fbec9dd28511e799e0821b885f8e08e5ad36a0438d4424d6d07b9d6d011a5fd4

SHA512
e3a80b74fcfb2169ddfcf9229b22b4a351e8aba3d6580f3e1e936109e5e9fb1e2e9751297270da995a7842a21de48b8dbbb51861b379e3ae5775737d96774ad0

Download Submit
\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe

Filesize
1.1MB

MD5
5a2958163b1fac3ffaaab8e7faaa314e

SHA1
cc0ba984a2bbcb6da1c7343b1abaf7fd64b8bad6

SHA256
60ae6462f7c864d5f607452c19f948b31ad5b205710bb99890c3d806cf685757

SHA512
762b623c68590ac44d30fb4187e7affb4f714d6be60bc7f7f3d439e4f3830a78c17b73146863b28b19954cd31badcfc85d582397af30bed88238b91dca107432

Download Submit
\Users\Admin\AppData\Roaming\WindowUpdate.exe

Filesize
1.2MB

MD5
afd5c53679e6603192865722e58a76ee

SHA1
586e24941c149e383fdfe5ea1a8176b910ca3d3c

SHA256
56f985d1415326fea074ec7162665a84ae576428562718024b8cf3b7bf7b0b7a

SHA512
17f839a48ecaac51e302df618621e9c4ef696923f337cb6eccd990be9c79792aa7043b3d22f0bd92c763e5782aeb9c0087b38028d7d20188b73eafd039a7cea6

Download Submit
memory/320-2840-0x000000001C290000-0x000000001C310000-memory.dmp

Filesize
512KB

Download
memory/320-1971-0x00000000000F0000-0x0000000000386000-memory.dmp

Filesize
2.6MB

Download
memory/320-1996-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Filesize
9.9MB

Download
memory/320-2000-0x000000001C290000-0x000000001C310000-memory.dmp

Filesize
512KB

Download
memory/320-2002-0x000000001C290000-0x000000001C310000-memory.dmp

Filesize
512KB

Download
memory/320-4261-0x000000001C290000-0x000000001C310000-memory.dmp

Filesize
512KB

Download
memory/320-3078-0x0000000002670000-0x00000000026D8000-memory.dmp

Filesize
416KB

Download
memory/320-1981-0x000000001C290000-0x000000001C310000-memory.dmp

Filesize
512KB

Download
memory/320-1975-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Filesize
9.9MB

Download
memory/320-1979-0x000000001C290000-0x000000001C310000-memory.dmp

Filesize
512KB

Download
memory/320-2820-0x000000001D540000-0x000000001D79C000-memory.dmp

Filesize
2.4MB

Download
memory/380-2003-0x0000000005B90000-0x0000000005D98000-memory.dmp

Filesize
2.0MB

Download
memory/380-2006-0x00000000051B0000-0x000000000520C000-memory.dmp

Filesize
368KB

Download
memory/380-1967-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/380-1974-0x0000000000420000-0x0000000000460000-memory.dmp

Filesize
256KB

Download
memory/380-2005-0x0000000000420000-0x0000000000460000-memory.dmp

Filesize
256KB

Download
memory/380-1962-0x0000000000870000-0x0000000000AB2000-memory.dmp

Filesize
2.3MB

Download
memory/380-4240-0x0000000000420000-0x0000000000460000-memory.dmp

Filesize
256KB

Download
memory/380-4241-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/380-1994-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/1092-1997-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1988-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1973-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Filesize
9.9MB

Download
memory/1092-1976-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1978-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1977-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1980-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-2836-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-2004-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-2001-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1999-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1998-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1092-1995-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Filesize
9.9MB

Download
memory/1092-1972-0x0000000001C10000-0x0000000001C42000-memory.dmp

Filesize
200KB

Download
memory/1092-1982-0x000000001AB90000-0x000000001AC10000-memory.dmp

Filesize
512KB

Download
memory/1552-4245-0x00000000025C0000-0x0000000002600000-memory.dmp

Filesize
256KB

Download
memory/1552-4246-0x000000006F6A0000-0x000000006FC4B000-memory.dmp

Filesize
5.7MB

Download
memory/1552-4247-0x000000006F6A0000-0x000000006FC4B000-memory.dmp

Filesize
5.7MB

Download
memory/1552-4248-0x00000000025C0000-0x0000000002600000-memory.dmp

Filesize
256KB

Download
memory/1552-4249-0x000000006F6A0000-0x000000006FC4B000-memory.dmp

Filesize
5.7MB

Download
memory/2320-41-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-43-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-69-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-1-0x0000000001080000-0x000000000162A000-memory.dmp

Filesize
5.7MB

Download
memory/2320-65-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-63-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-67-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-57-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-61-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-53-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-59-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-51-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-45-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-55-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-25-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-19-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-27-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-29-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-39-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-37-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-49-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-33-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-0-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2320-47-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-35-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-71-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-23-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-31-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-21-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-1950-0x0000000005530000-0x0000000005570000-memory.dmp

Filesize
256KB

Download
memory/2320-15-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-13-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-9-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-1949-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2320-11-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-8-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-7-0x0000000000320000-0x0000000000388000-memory.dmp

Filesize
416KB

Download
memory/2320-6-0x00000000086C0000-0x0000000008C46000-memory.dmp

Filesize
5.5MB

Download
memory/2320-5-0x0000000005530000-0x0000000005570000-memory.dmp

Filesize
256KB

Download
memory/2320-4-0x0000000005530000-0x0000000005570000-memory.dmp

Filesize
256KB

Download
memory/2320-3-0x0000000005530000-0x0000000005570000-memory.dmp

Filesize
256KB

Download
memory/2320-2-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2320-17-0x0000000000320000-0x0000000000383000-memory.dmp

Filesize
396KB

Download
memory/2320-1930-0x0000000005530000-0x0000000005570000-memory.dmp

Filesize
256KB

Download
memory/2468-4244-0x000000006F6A0000-0x000000006FC4B000-memory.dmp

Filesize
5.7MB

Download
memory/2468-4243-0x00000000026E0000-0x0000000002720000-memory.dmp

Filesize
256KB

Download
memory/2468-4242-0x000000006F6A0000-0x000000006FC4B000-memory.dmp

Filesize
5.7MB

Download
memory/2468-4258-0x000000006F6A0000-0x000000006FC4B000-memory.dmp

Filesize
5.7MB

Download
memory/2632-1947-0x0000000000380000-0x0000000000388000-memory.dmp

Filesize
32KB

Download
memory/2632-1946-0x0000000000400000-0x0000000000A34000-memory.dmp

Filesize
6.2MB

Download
memory/2632-1945-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2632-1970-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download