Analysis Overview
SHA256
088559f2192fe04ad85f83e1a3ac931f2bdbb5a88b4146154858d00c40b4b551
Threat Level: Known bad
The file 2ccaeaf721c1ae29a84714ee5aca4f02 was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
Vidar
RisePro
SmokeLoader
ZGRat
Detect ZGRat V1
NullMixer
Vidar Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Loads dropped DLL
ASPack v2.12-2.42
Reads user/profile data of web browsers
Themida packer
Checks BIOS information in registry
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-31 07:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-31 07:08
Reported
2024-01-02 12:22
Platform
win7-20231215-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
NullMixer
PrivateLoader
RisePro
SmokeLoader
Vidar
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe | N/A |
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\e9e6055abb695524.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\3d0c613fcb2403.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\79d822fc709e78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\e9e6055abb695524.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.db-ip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = (blob data omitted in this copy of the report) | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (blob data omitted in this copy of the report) | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7d
be21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf
764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = (blob data omitted in this copy of the report) | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081b
d301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (blob data omitted in this copy of the report) | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe
"C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe"
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 27ce46284501.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c b001a8f56.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c f9a302645.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\e9e6055abb695524.exe
e9e6055abb695524.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe
b001a8f56.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe
f9a302645.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe
27ce46284501.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe
20383e5a9a4c5112.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe
2d7080268fee447.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\e9e6055abb695524.exe
"C:\Users\Admin\AppData\Local\Temp\7zS88856B46\e9e6055abb695524.exe" -a
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 420
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\3d0c613fcb2403.exe
3d0c613fcb2403.exe
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\79d822fc709e78.exe
79d822fc709e78.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 956
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | marisana.xyz | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | live.goatgame.live | udp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.4.15:443 | db-ip.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | lenak513.tumblr.com | udp |
| US | 8.8.8.8:53 | api.db-ip.com | udp |
| US | 104.26.4.15:443 | api.db-ip.com | tcp |
| US | 74.114.154.18:443 | lenak513.tumblr.com | tcp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | www.maxmind.com | udp |
| US | 104.18.145.235:80 | www.maxmind.com | tcp |
| NL | 37.0.8.235:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| N/A | 127.0.0.1:49266 | | tcp |
| N/A | 127.0.0.1:49268 | | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | aucmoney.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | thegymmum.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | atvcampingtrips.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | kuapakualaman.com | udp |
| US | 8.8.8.8:53 | renatazarazua.com | udp |
| US | 8.8.8.8:53 | nasufmutlu.com | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 37.0.11.8:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | wfsdragon.ru | udp |
| US | 104.21.5.208:80 | wfsdragon.ru | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
Files
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | b1fa27e301c33e5e03a04b8e0342d625 |
| SHA1 | 2bdd134823a593c71e36f40141d361551c5b51d6 |
| SHA256 | 7afee80ce49ddb9ecb73d64466e5eb221438e92d5d09bdb1d39bc04890c8cb6a |
| SHA512 | 19870e5eda75884b1388ef05b91f3479bd966892e07b62052688d6d304071e314f487f57b255e5a2e7830f47d05c2fa61103290430c5fd5a9524fd35038fb70a |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | cfa223e13a801c92823acfdc0acc5783 |
| SHA1 | 66ef740e2f027c55c9d4cc24829d0e70f79718b2 |
| SHA256 | c85cc97449361d27ee643b0c5cdc64071a78884cb7066bdc915e7a2cc11fc44c |
| SHA512 | 0c89f78b5b49371d0a3ec8d4b61e3268dd1a2bc2045777794d7b260341271f3c85677e45f4b4840091c39e05e979a6aeb60c2a4b7a8bbaeca03aedcf6d57d57f |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | b6ff904cb0c6455c5b25e5c0a5ee04ec |
| SHA1 | 356f8d22fd037f30c6d05d96144df4ffbfbeec1d |
| SHA256 | 9ae8fc63842a9a9205f2990d0e787b6a8c9c684e4772f3b5a273f85c281e5207 |
| SHA512 | d3c40dd9bab86778186ed77c4d3e63029b28d84253d030b4c6a0acf2d50528e000c7c2f114e41ef8e29fc3514b82feeecd99c9ea0e5259d613e64eb4734aabc7 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | e4fbd8b239608da88cb94abd73f902da |
| SHA1 | afc541de5a854922084ae92ba3621d02d7c3be9a |
| SHA256 | 991881c37add77ad102d0951ff2e582e745dcb76f491fa1310f97f10f585222b |
| SHA512 | bdb46013cfa9f838c98ca42e7e7681b65f852652843e53ec89c3744eaf2d8ff5bafa49341d14e6b0646ad14ad42441f000b45c16836f71e38897db30f91bf6de |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | 008b6a28d3e2a2677a128adcf7557ac2 |
| SHA1 | 3797e16bc2301c8d3834bfe07a5a5b53e350e170 |
| SHA256 | 449c7992cd5d97c1db1b0b8154d187fb5d84842e9f319de963e49c0a23ce4997 |
| SHA512 | 864713c5ca630dba0574ae8381baa021c0beab2d1c61aa3ee676342652b7bffb04981bdc57a2c23f1955b2fe11531b4a2240a92b9d8391c3ce5d3ff09f8b1980 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
memory/2800-28-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/2800-33-0x000000006B440000-0x000000006B4CF000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zS88856B46\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | 023ff515d733689ba7cc43699fecafe1 |
| SHA1 | ccd10556a8ad5305f6fa6a3963bfe7b7eb824fc0 |
| SHA256 | 6d8a51da67b7faa62b0b9c769e8a9112a602a0b587ba2856876ba4afca4fb804 |
| SHA512 | dfe5e8bfbb0b668ab4f52fd090e0d747292cf2274bd8683ad4ca0a64285b410c079bc396ea8c833ab8e2a5ac90a54c47b0c49ace0c252401271e1430fcd04d14 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | a149356bf80c776978fa63d2b14ea442 |
| SHA1 | ca9b0ab4ce0844d586767d43ddb6e6e4b86174c0 |
| SHA256 | 3e7c380a3e9e8d7b6766784daf04c77b553bfaf877773d59c71ee604c5e612f0 |
| SHA512 | 168705deb1e0ee497343d8230898ea96514a4ce7fa32d3fa4284c4b92cb4dafda5fdfce12a6f1d8bedc28cbee25673a0a3d816bee3721d6290a9735f6f7a25d0 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | ccfa0c010074f2e604f5e17618cbf439 |
| SHA1 | c2f466f7591d24dcd18c501f1699efd15d85c60f |
| SHA256 | c030b0a4cc696dd6381e625b7dd1ba9f92306efcff2fd186afd5eb98c4afae1b |
| SHA512 | 5fa4211017069fc33ad9435dc4c62275f1e1cf89c812e7d947b8ea0c1c1c64f74d9f3b6484da13a9a13224550951c1bbc9da7bd831ed278b802253233907dd7e |
\Users\Admin\AppData\Local\Temp\7zS88856B46\e9e6055abb695524.exe
| MD5 | 3263859df4866bf393d46f06f331a08f |
| SHA1 | 5b4665de13c9727a502f4d11afb800b075929d6c |
| SHA256 | 9dcacda3913e30cafd92c909648b5bffde14b8e39e6adbfb15628006c0d4d3c2 |
| SHA512 | 58205110a017f5d73dd131fefb1e3bbbcc670ed0c645aeefebe5281579c7b1dceffa56671cd7b186554bdb81710e21018ed0d7088a27517dfc5e48d6d3578cf6 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\f9a302645.exe
| MD5 | 19d8bee1e02b888281fac68702bea9ae |
| SHA1 | 1cdc5114214a6ec8c226aabdf78ab4cbdb9fde64 |
| SHA256 | ee63d15520498f546e96b8c8495e73a77cd0aeccb17ba1abd8acc78e1e5ec91c |
| SHA512 | 567c5be10f92cd103a182a2cea48c71a8776dfa91bf929a5df718516b5ae5b449341071c68f1f40837c80c794a218cca55638fd359f09f21b5c2ce7e1bdb355a |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\b001a8f56.exe
| MD5 | fcce864840d6700d71a8d68668d7a538 |
| SHA1 | fef82b13a6565e5da4eaf24ce6566c513c6a58fd |
| SHA256 | 0d017311cfc1554b76481b6b0d40d1c150c1a0aedcda302f513c01de0b1f4e4c |
| SHA512 | 3f01d5cd486b3394c46896f0d2c9eed1e6e1825c15e729ab357105d562fc0b73e7a7ab69f56107ae3e6941acff5dec43c3bbdda023909723c47547ea2d51d740 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe
| MD5 | a44963b4e553ceda7cb540458f0dd612 |
| SHA1 | a09012edc7733f61b6bdcbc5f1df5e8c3d7b6a39 |
| SHA256 | bded016fb598004f77299543d1ef7a202c2496d86a57da1ef5ddcc25b2f1d548 |
| SHA512 | e26046a05e0b8566b629484bdae20e7b2db1052a7b6f67b6eedfce694545d466e353d60599de221533e0b82598c7df5753c418e2b1f5a204737bc77ad5b033fb |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\79d822fc709e78.exe
| MD5 | c27aacb1ef8285f37c7097d2c56e2f89 |
| SHA1 | ab9cbe523bb7aea1c9b5fb5f02678bdfec046326 |
| SHA256 | b2240d85a7b576f78d1a9e6ffb57da5aee9414b128be0b3250ffab9dd8aee938 |
| SHA512 | 38c925893e46ac41b337c56456d868b012cdf64879de8c706a20cd9156f81c70ee759c565b0df83f31f3519bfc50602ca3081cefbaa7de60130a14debd1065a8 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\79d822fc709e78.exe
| MD5 | 0965da18bfbf19bafb1c414882e19081 |
| SHA1 | e4556bac206f74d3a3d3f637e594507c30707240 |
| SHA256 | 1cdddf182f161ab789edfcc68a0706d0b8412a9ba67a3f918fe60fab270eabff |
| SHA512 | fe4702a2fde36b4fb0015ad7d3e2169a1ccbf5e29d7edef40f104ed47661b4b0365b13b1913e9f4e0ab7bc9ac542ee86c02a802a13567dfd0b8f5485a5be829b |
\Users\Admin\AppData\Local\Temp\7zS88856B46\79d822fc709e78.exe
| MD5 | 88750c8657b3ab627d439a2c3221eb41 |
| SHA1 | f92d4d52207b9283df559300c8fee92daee2543f |
| SHA256 | dff2c2513dd6db13c81b65a88c741e8cbfa4263e9c0a2fbb5400ab79630d111f |
| SHA512 | 71d4f0186010b0f369056bd925509f70e355eb20d9696a65be7bc3304bd978db01516be9bcbe460224ee6493b57367bf9d2eb9596792e88ad0986f2d89a1130e |
\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe
| MD5 | 93480948d180a8940e834b882d9f2242 |
| SHA1 | 37d1c3e71b8756066f2ebd3fd9268e5943a8c6c7 |
| SHA256 | df8ed55ab4b24485cc307eac833bf0463c3e472dff3aa11623eaa798f0a149e4 |
| SHA512 | 161743f85d2a53aeaa4cae2fe4203b608853abe225bba07d30f893e3fb3dfcb0205af8e4bc07bda8e0ee9ecbbbd77d0a7d4a40ef2239c55e1b38243d390e33b1 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe
| MD5 | aad4cb71d36a4a6008184401818fd8a8 |
| SHA1 | be4ea22c1b56b061777999a21d572fa7d4163477 |
| SHA256 | 62d8d671c2cecb50a2a78bbb9349633669969d10837861ee507ec054aa489d5e |
| SHA512 | 14e08694d32f3d7bad608c7c87ddb15d93cc5685986780767f690d1f4ea2bc1a564ab3d7ca5818562bf0e589fc3ce7bd18f7906262ace39245ee4ac446c9901e |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\3d0c613fcb2403.exe
| MD5 | 5866ab1fae31526ed81bfbdf95220190 |
| SHA1 | 75a5e08b3b9ad2dff35dfbbb3ffe8d983c2be25f |
| SHA256 | 9e1a149370efe9814bf2cbd87acfcfa410d1769efd86a9722da4373d6716d22e |
| SHA512 | 8d99ab09e84e4ef309da34be94946cbfcffeb1c0ca49e2452deb738d801e551062ebb134f1b99a9baf03003a8e720d525521ce09aeac341d3cba3fcfbc618fb5 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\20383e5a9a4c5112.exe
| MD5 | 181f1849ccb484af2eebb90894706150 |
| SHA1 | 45dee946a7abc9c1c05d158a05e768e06a0d2cdc |
| SHA256 | aeb2d203b415b00e0a23aa026862cec8e11962fdb99c6dce38fb0b018b7d8409 |
| SHA512 | a87485005ca80e145a7b734735184fa2d374a7f02e591eec9e51b77dc2a51be7f8198ce5abfceb9546c48bf235a555f19d6c57469975d0b4c786b0db16df930c |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | 967f46fe258a23a22b2924bdd08c2adb |
| SHA1 | 1c147f164a93b66d8fe973b2c6a7c95380a41c63 |
| SHA256 | a138b91ceda3d730e24dd0b626f33add29ac4934e6a40ae110baaea70cc82a0d |
| SHA512 | fcc25d827dd6df8b897fe560e469c183b31ffa2abb2cf945e6b38b750813c7238e706b0fc1f109b19e6213325408d6c2b3dda77887d241651e4e64626405956b |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | 701dada6b3eb0556f06f4dde8e991f47 |
| SHA1 | cb5261becd774340b7c7ca9135e91fbffd1f7386 |
| SHA256 | a4f2287c27130ab8219e9d63dc0ea410db4e06b2373a83199476685bc4c5bf2e |
| SHA512 | 0bec68af9d29cd3d141d9c4d67f97dd58b1ac668cbbfa6e6f3fab91dcfd2b05e078e968082960e4a672cb7ea8d5e41354e19ed8fd4a4dfb70a1495c7a0ee5a63 |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | e91a686ccd5392bf7173fda83b8205fb |
| SHA1 | ad76f6f751fb2bc4e663a661621e67dd748916c2 |
| SHA256 | 22f38dcf8a633dc29068e83271627dbded8d24757613f0049a76f4265ab0e954 |
| SHA512 | 18a1d7148ac76b1b34651ab0802f40395a3fbab0828ee8ef735576a368c9cac1f1add12ee0f43dfed61e9f176e3a00fc963f5b2405a07ea8c14cf1f7a46e5693 |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\2d7080268fee447.exe
| MD5 | 83cc20c8d4dd098313434b405648ebfd |
| SHA1 | 59b99c73776d555a985b2f2dcc38b826933766b3 |
| SHA256 | 908b275d6fc2f20e9d04e8609a9d994f7e88a429c3eb0a55d99ca1c681e17ec8 |
| SHA512 | e00009e1f322a1fe6e24f88a1cc722acf3094569174e7c58ebf06f75f50a7735dcebf3e493886bbdc87593345adc8bb7b6f2daca2e64618f276075a0bb46bb8c |
C:\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe
| MD5 | 64cdb850b4f6ce72130bf5a9f0dc9b70 |
| SHA1 | e0839766ad359913e6fd5ad6740bf1f0fccd2f2f |
| SHA256 | 6c6442e1319aedd6bbb1170380f0289efbe7b2b378214f088ac59719b9ef8063 |
| SHA512 | 0512b90899fe69825a1bd5ff3885919941ec99d89607df392d1dbb05098acb3dab1418cc8a3330886824e2873cb5455af86e2364d65fd47d12f9bd40f7a5425b |
\Users\Admin\AppData\Local\Temp\7zS88856B46\27ce46284501.exe
| MD5 | 61bc853e9c150d2d208a40cf61eef038 |
| SHA1 | 87edfc01ee6c34f3f5e7338f52678c68e62fb6c0 |
| SHA256 | 016622dc30c3e40227fd273cee112d08e91b99dccf209ba5e3a11e9c1f7bc428 |
| SHA512 | ffeee17934239e94fa2cf74b21e9c7cff5b64c212abc3a2863746c8bb17d409e9e774a9caa38dc2a075b4ff3c6569d9dd5f97e1e21e772651a9051742b9a7ebe |
\Users\Admin\AppData\Local\Temp\7zS88856B46\setup_install.exe
| MD5 | 421aa18379c306638731014d2d976fed |
| SHA1 | a77dd256bb90d75b58a20b3a74cbb9a88663ac91 |
| SHA256 | 4bbd9a6becd5279ed9e7d40049564cb4e9d07eae904532e0ea404e288bd17c42 |
| SHA512 | 962c30727e958c26e295ae041f1b2e2c1d986634e15107da215a958fcafa2ba49cf7c8a525f4bcdd01e1b6672222105bbb2acb8ea0456f0a27c93380eba65695 |
C:\Users\Admin\AppData\Local\Temp\CabBD1A.tmp
| MD5 | d71dff97ca86ca16c3db8bdb5285fb35 |
| SHA1 | 271c01246897497d069b81ed37af296cf6c1e498 |
| SHA256 | 4a19255504acfbd49c4e1aed722c7e62b50b5742b860eedabc5f46160f8aefac |
| SHA512 | 1fed2a183296b563e35d803927e539d28169895f6ca5b522a1c714f222a2d3e578b1e167b19568b5ad4800b898f7ac041c7bd8f6bb02d1361b32cbdcfb0f682a |
C:\Users\Admin\AppData\Local\Temp\TarBF7D.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41491c799aa1aa2dd51b35742a92621b |
| SHA1 | 54239338ea1364d2c610804108b344f09ad1a53d |
| SHA256 | 2d71dbe6ebb735a8cc284621169e0d8268d3fb2051b37c3dff0b2dabaaaa8e87 |
| SHA512 | 0c24d23aba28eebbdf833282b2124f36a032e0ffc3aec0e3e4a69d67da0c63c130ec358622e58a9c9e9460b9f872787e20dbe18f4b70fae96eb4182de7030de8 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-31 07:08
Reported
2024-01-02 12:22
Platform
win10v2004-20231215-en
Max time kernel
0s
Max time network
150s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NullMixer
PrivateLoader
RisePro
SmokeLoader
Vidar
ZGRat
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zS43A27367\setup_install.exe |
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe | "C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe" |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\setup_install.exe | "C:\Users\Admin\AppData\Local\Temp\7zS43A27367\setup_install.exe" |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\3d0c613fcb2403.exe | 3d0c613fcb2403.exe |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1516 -ip 1516 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 572 |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\e9e6055abb695524.exe | "C:\Users\Admin\AppData\Local\Temp\7zS43A27367\e9e6055abb695524.exe" -a |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\2d7080268fee447.exe | 2d7080268fee447.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\b001a8f56.exe | b001a8f56.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\e9e6055abb695524.exe | e9e6055abb695524.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\20383e5a9a4c5112.exe | 20383e5a9a4c5112.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\f9a302645.exe | f9a302645.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\27ce46284501.exe | 27ce46284501.exe |
| C:\Users\Admin\AppData\Local\Temp\7zS43A27367\79d822fc709e78.exe | 79d822fc709e78.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c b001a8f56.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c f9a302645.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c 27ce46284501.exe |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | marisana.xyz | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| NL | 37.0.8.235:80 | | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.lletlee.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | music-sec.xyz | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| RU | 185.230.143.16:32115 | | tcp |
| US | 8.8.8.8:53 | live.goatgame.live | udp |
| US | 3.141.96.53:443 | live.goatgame.live | tcp |
| US | 8.8.8.8:53 | 53.96.141.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lenak513.tumblr.com | udp |
| US | 74.114.154.18:443 | lenak513.tumblr.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.154.114.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| NL | 37.0.11.8:80 | | tcp |
| US | 8.8.8.8:53 | wfsdragon.ru | udp |
| US | 104.21.5.208:80 | wfsdragon.ru | tcp |
| NL | 212.193.30.115:80 | | tcp |
| US | 8.8.8.8:53 | 208.5.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS43A27367\setup_install.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\7zS43A27367\libgcc_s_dw2-1.dll
| MD5 | 3947561e2e1528a3936ed77810504e80 |
| SHA1 | 3a6891b73e59bfd230d43791914750cb1a07e126 |
| SHA256 | 2c6617cde9e29d37e2fe979df0458f0c62303bc233753370a28bef035b91a0dd |
| SHA512 | 4bb05f9e36b65a881721bdb7ea4b8249562eb49294999be72e9189dbcb8e8822dc566b21aa61c8773c22211a59d261056746b2c2638a35b3b73d2401505654bc |
C:\Users\Admin\AppData\Local\Temp\7zS43A27367\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS43A27367\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS43A27367\setup_install.exe
| MD5 | d8dcfb8e373415bffbb369560e7be978 |
| SHA1 | c12141f38d0876a4a98b93c8acddd1a66a3088ae |
| SHA256 | 39eac12f59a6cd91ac5750ccf59608d0009fcccd9515c06a7f0c05149289e564 |
| SHA512 | 175e9f2f9183ef4a946d2ac8fef6a71c76e00f92c71793091bc62f64906b2f419ba54b8a76e4c8e91a3515b25ef92899bbecc9e8d0e8bef34bcd6102d2749e3e |
C:\Users\Admin\AppData\Local\Temp\7zS43A27367\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |