Malware Analysis Report

2024-10-19 02:13

Sample ID 240103-lwpsmsfbf2
Target 2ccaeaf721c1ae29a84714ee5aca4f02
SHA256 088559f2192fe04ad85f83e1a3ac931f2bdbb5a88b4146154858d00c40b4b551
Tags nullmixer privateloader risepro smokeloader vidar zgrat 706 pub6 backdoor dropper loader rat stealer themida trojan aspackv2
Score 10/10

Analysis Overview

Score 10/10

SHA256 088559f2192fe04ad85f83e1a3ac931f2bdbb5a88b4146154858d00c40b4b551

Threat Level: Known bad

The file 2ccaeaf721c1ae29a84714ee5aca4f02 was found to be: Known bad.

Malicious Activity Summary

NullMixer

SmokeLoader

ZGRat

RisePro

PrivateLoader

Vidar

Detect ZGRat V1

Vidar Stealer

Executes dropped EXE

ASPack v2.12-2.42

Themida packer

Loads dropped DLL

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Program crash

Enumerates physical storage devices

Unsigned PE

Amadey

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported 2024-01-03 09:53

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted 2024-01-03 09:53
Reported 2024-01-03 09:55
Platform win10v2004-20231222-en
Max time kernel 0s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe"

Signatures

Detect ZGRat V1

NullMixer

dropper nullmixer

PrivateLoader

loader privateloader

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

ZGRat

rat zgrat

Vidar Stealer

stealer
Themida packer

themida
Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Amadey

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Processes

C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe

"C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\setup_install.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\2d7080268fee447.exe

2d7080268fee447.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2852 -ip 2852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 588

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\e9e6055abb695524.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\e9e6055abb695524.exe" -a

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\20383e5a9a4c5112.exe

20383e5a9a4c5112.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\27ce46284501.exe

27ce46284501.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\3d0c613fcb2403.exe

3d0c613fcb2403.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\f9a302645.exe

f9a302645.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\79d822fc709e78.exe

79d822fc709e78.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\e9e6055abb695524.exe

e9e6055abb695524.exe

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\b001a8f56.exe

b001a8f56.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c b001a8f56.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c f9a302645.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 27ce46284501.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2276 -ip 2276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 372

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4832 -ip 4832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 1576

Network


Files

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\setup_install.exe

MD5 6cba3fc79f15b2fa16466518feb8ccfd
SHA1 6780744b3d026db256a160e969e82fe45bf2b0fb
SHA256 d247da9cc2437b73bd5c06a1c7269564838c6c81af3cbec25a13d9e88186f119
SHA512 e070cf1661d4027e075b5a9fea318ad02f6935229dc3e4307913dc5a08d9a7554db29eabede38e7a9d8ac33ba1aa84aa24f7dba0275a9b920bb11368d3e7452e

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\setup_install.exe

MD5 8457a6a66e87533e9deab3979c868266
SHA1 6b8cdda8e73323e91ad3b0181f516ca4897b23a5
SHA256 41f63e586bb2b67408d43ab6849fcfd1d1f7b19571eeae1d6be043c5b2fc702f
SHA512 00e4c39df83f6f55fa6132b98d9f09c84d2c66e1173b73d2876d1a50803d237a248e7605ab2ba23eebf5e77b9ce7604f795cfc460f0bb5f3f06334394ab4baec

C:\Users\Admin\AppData\Local\Temp\7zSC14A5A27\setup_install.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral1

Detonation Overview

Submitted 2024-01-03 09:53
Reported 2024-01-03 09:55
Platform win7-20231129-en
Max time kernel 0s
Max time network 137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe"

Signatures

Detect ZGRat V1

NullMixer

dropper nullmixer

PrivateLoader

loader privateloader

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

ZGRat

rat zgrat

Vidar Stealer

stealer
ASPack v2.12-2.42

aspackv2
Themida packer

themida
Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A api.db-ip.com N/A N/A

Enumerates physical storage devices

Amadey

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1420 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe
PID 1696 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 1696 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe C:\Windows\SysWOW64\cmd.exe
PID 2508 wrote to memory of 1984 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\3d0c613fcb2403.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe

"C:\Users\Admin\AppData\Local\Temp\2ccaeaf721c1ae29a84714ee5aca4f02.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\setup_install.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\b001a8f56.exe

b001a8f56.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\e9e6055abb695524.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\e9e6055abb695524.exe" -a

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\f9a302645.exe

f9a302645.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\79d822fc709e78.exe

79d822fc709e78.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\2d7080268fee447.exe

2d7080268fee447.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\27ce46284501.exe

27ce46284501.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\e9e6055abb695524.exe

e9e6055abb695524.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\3d0c613fcb2403.exe

3d0c613fcb2403.exe

C:\Users\Admin\AppData\Local\Temp\7zSC8548D36\20383e5a9a4c5112.exe

20383e5a9a4c5112.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 79d822fc709e78.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c b001a8f56.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 2d7080268fee447.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 416

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c f9a302645.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 3d0c613fcb2403.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c e9e6055abb695524.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 20383e5a9a4c5112.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 27ce46284501.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 952

Network

Country Destination Domain Proto

Files
