Analysis Overview
SHA256
1bdfcdbf076c996abd6f783703249689192036db3e22ecf201db3b12eb5f630d
Threat Level: Known bad
The file StarshipJourney.exe was found to be: Known bad.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-08-29 17:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-29 17:09
Reported
2022-08-29 17:12
Platform
win7-20220812-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Executes dropped EXE
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\StarshipJourney.exe"
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1236,i,14557860629110817148,13386351506823966276,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --mojo-platform-channel-handle=1444 --field-trial-handle=1236,i,14557860629110817148,13386351506823966276,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --app-path="C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1648 --field-trial-handle=1236,i,14557860629110817148,13386351506823966276,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1236,i,14557860629110817148,13386351506823966276,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 216.58.214.14:443 | redirector.gvt1.com | tcp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | r4---sn-aigl6nek.gvt1.com | udp |
| GB | 173.194.183.105:443 | r4---sn-aigl6nek.gvt1.com | udp |
| GB | 173.194.183.105:443 | r4---sn-aigl6nek.gvt1.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
memory/1960-54-0x00000000751A1000-0x00000000751A3000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsdFFC4.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsdFFC4.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
\Users\Admin\AppData\Local\Temp\nsdFFC4.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
memory/1780-59-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\v8_context_snapshot.bin
| MD5 | dd0d4997dfab65b96aad66d035f6029c |
| SHA1 | 65faa1dbb7ccd902f1f1af544f6941234ff679d3 |
| SHA256 | f033fb86fa92df1be464de590aa312cc016bc5d6bea26672c896bf4d3f1261cd |
| SHA512 | 86b06bd0f91f50bd13b3af179f3f498f10a225d25ba5ca32258f75567e601c3f48f7a3fb436c3b0d2ba53cc9eaaa8f74c95b44458628b0ea716563694a3c7002 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\icudtl.dat
| MD5 | d866d68e4a3eae8cdbfd5fc7a9967d20 |
| SHA1 | 42a5033597e4be36ccfa16d19890049ba0e25a56 |
| SHA256 | c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d |
| SHA512 | 4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\resources\app.asar
| MD5 | beb74c16bfd0dc4aa145cf53c57f078d |
| SHA1 | 3621b1e9760309474ed137c56689f83c52ca4fc2 |
| SHA256 | 4208e76c63b93f5c2df3fb508a44fa54cb9b9fdf05d125ce631b39c0b409b1e5 |
| SHA512 | 85d647123d1855c0546e70fc9cd8ec41f06a12cf8e09d70e0bfe5fe4ddeec80538cfe58c6f48715b038ffe8d1ce43292e21a8730bc471b351ff3e9318dce16f3 |
\Users\Admin\AppData\Local\Temp\f0b7d5b8-b26f-430d-bbac-08a73560c95c.tmp.node
| MD5 | 6833f7a2d586e5708d7a9f94322ec521 |
| SHA1 | 638e7df644d89266c58677fffcebc3de48136db1 |
| SHA256 | 5fc215576ff581a0a9f96ea248b07fa8a9137c15c0cc1db26365c91f33488925 |
| SHA512 | b3267dd4450b16175adc2d249b7a2043375addc84179854ec8b7fbd086db7021f20044ce6c7c88a083d70acb95a2c5480c05590100a75f01a32e766c2c126b94 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\chrome_100_percent.pak
| MD5 | 237ca1be894f5e09fd1ccb934229c33b |
| SHA1 | f0dfcf6db1481315054efb690df282ffe53e9fa1 |
| SHA256 | f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2 |
| SHA512 | 1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\chrome_200_percent.pak
| MD5 | 7059af03603f93898f66981feb737064 |
| SHA1 | 668e41a728d2295a455e5e0f0a8d2fee1781c538 |
| SHA256 | 04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6 |
| SHA512 | 435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\resources.pak
| MD5 | a1e5aafe5a1509ef461d584c98484ff7 |
| SHA1 | 455a36fff7a12989d0d1fc944a3c8840141d865a |
| SHA256 | dd0cdd9201c5966dcc8b3ac3f587fdb05cad09547e267e0d16b8b1a3cff14772 |
| SHA512 | f98e33fe7e89a7798c6c274b4220c7c5262a2cedd0c0a04c7821634679f71145eca78c7a36a9f576712a00ffbabfabf58c958483d2d69fa9960178a7c3581946 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\locales\en-US.pak
| MD5 | 5cc884bf0ec1c702240173b35a421d1b |
| SHA1 | 19bdfb0b31dc4a75e7c135d1a8ef76f5f6cc3a31 |
| SHA256 | 9f0c75c84381360677055d6197812c7a6c42dbfc6134eb8212d8a60ed1ca1601 |
| SHA512 | 48772f50f6b0d846084a0cfb0d6433f2fbf73677b557b022d0d73d04790636c0c40ed873c32fd037013e943fb7c24816efdcde38429520895c00c2d85a17ea5c |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
memory/472-101-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\D3DCompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libEGL.dll
| MD5 | 91f11a9181583f75e2b29fcd9050c7f5 |
| SHA1 | fd90abc3048f3347435dfbd1075b8051ac6ffabc |
| SHA256 | 43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330 |
| SHA512 | 925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libegl.dll
| MD5 | 91f11a9181583f75e2b29fcd9050c7f5 |
| SHA1 | fd90abc3048f3347435dfbd1075b8051ac6ffabc |
| SHA256 | 43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330 |
| SHA512 | 925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libGLESv2.dll
| MD5 | 16deb84c2dd1d55ed938a112b6ce92d4 |
| SHA1 | 15ed353f418030e2a3d94c2c77d45605ea9cb3c2 |
| SHA256 | b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8 |
| SHA512 | bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libglesv2.dll
| MD5 | 16deb84c2dd1d55ed938a112b6ce92d4 |
| SHA1 | 15ed353f418030e2a3d94c2c77d45605ea9cb3c2 |
| SHA256 | b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8 |
| SHA512 | bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
memory/268-108-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
memory/1568-145-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\3ac7bf57-377a-4d01-a78d-10ecac599550.tmp.node
| MD5 | 10549f42263e31e1a335cdf5824be847 |
| SHA1 | b4e736aadc5f66d7a67255c719773721d55b3d52 |
| SHA256 | 487cec14eea6646be0266a5767b53ed67b49b429036521ee13d0656365fcca20 |
| SHA512 | 018ed34edfd60de37a73191206ace75521a6ac9c588ac6a05dccc576f41cb5233c3c800e14c303d5f0d7bcd707f556d24151fe86c4b163c09b2f3cc5aac930cf |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
memory/1948-179-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader.dll
| MD5 | 6b40ce4af617399536d0ea6edc84baad |
| SHA1 | 55c91309fe49af121dd3de9c24f60b8cfea680f1 |
| SHA256 | c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59 |
| SHA512 | 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader.dll
| MD5 | 6b40ce4af617399536d0ea6edc84baad |
| SHA1 | 55c91309fe49af121dd3de9c24f60b8cfea680f1 |
| SHA256 | c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59 |
| SHA512 | 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader.dll
| MD5 | 6b40ce4af617399536d0ea6edc84baad |
| SHA1 | 55c91309fe49af121dd3de9c24f60b8cfea680f1 |
| SHA256 | c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59 |
| SHA512 | 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6 |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader.dll
| MD5 | 6b40ce4af617399536d0ea6edc84baad |
| SHA1 | 55c91309fe49af121dd3de9c24f60b8cfea680f1 |
| SHA256 | c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59 |
| SHA512 | 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader.dll
| MD5 | 6b40ce4af617399536d0ea6edc84baad |
| SHA1 | 55c91309fe49af121dd3de9c24f60b8cfea680f1 |
| SHA256 | c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59 |
| SHA512 | 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vulkan-1.dll
| MD5 | 4783d34314ef4feb241f4fdf36499521 |
| SHA1 | 89296d6ac36cd005045db7307bf31005d0cf29a7 |
| SHA256 | 6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b |
| SHA512 | 7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vulkan-1.dll
| MD5 | 4783d34314ef4feb241f4fdf36499521 |
| SHA1 | 89296d6ac36cd005045db7307bf31005d0cf29a7 |
| SHA256 | 6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b |
| SHA512 | 7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libEGL.dll
| MD5 | 91f11a9181583f75e2b29fcd9050c7f5 |
| SHA1 | fd90abc3048f3347435dfbd1075b8051ac6ffabc |
| SHA256 | 43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330 |
| SHA512 | 925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libGLESv2.dll
| MD5 | 16deb84c2dd1d55ed938a112b6ce92d4 |
| SHA1 | 15ed353f418030e2a3d94c2c77d45605ea9cb3c2 |
| SHA256 | b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8 |
| SHA512 | bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b |
\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-29 17:09
Reported
2022-08-29 17:12
Platform
win10v2004-20220812-en
Max time kernel
152s
Max time network
158s
Command Line
Signatures
Executes dropped EXE
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\StarshipJourney.exe"
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --mojo-platform-channel-handle=2032 --field-trial-handle=1864,i,6255271992848898505,6556414975969789565,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1864,i,6255271992848898505,6556414975969789565,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --app-path="C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2588 --field-trial-handle=1864,i,6255271992848898505,6556414975969789565,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
"C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\StarshipJourney" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 --field-trial-handle=1864,i,6255271992848898505,6556414975969789565,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.252.118.126:80 | | tcp |
| US | 8.252.118.126:80 | | tcp |
| US | 8.252.118.126:80 | | tcp |
| US | 52.109.8.19:443 | | tcp |
| US | 8.252.118.126:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 172.217.168.234:443 | ajax.googleapis.com | tcp |
| NL | 172.217.168.234:443 | ajax.googleapis.com | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.253.209.121:80 | | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 8.253.209.121:80 | | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 13.107.21.200:443 | | tcp |
| US | 8.8.8.8:53 | dual-s-ring.msedge.net | udp |
| US | 52.123.128.254:443 | dual-s-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | s-ring.msedge.net | udp |
| US | 13.107.3.254:443 | s-ring.msedge.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nshA60A.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nshA60A.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nshA60A.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | c968d4593a9cfe9ea28acfc39ecc2f3d |
| SHA1 | 3a79deacdc496608a75283f82264cf5b7d41a10e |
| SHA256 | 329e01ec366cfb24c66aca822d525ae7ca1c00f5a0a099b28d4b774565314dec |
| SHA512 | 6b4e3beb7ddfa20b4752c815d15b82eb948aa3041140662e4c919d9eb0a4f6cf90206f374229fbf3b034479ad4458a048df0a4a09a353c64fec56fc14a9da357 |
memory/2036-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\ffmpeg.dll
| MD5 | 21647425561f9dfa567139d2c505f585 |
| SHA1 | efd5b3d6a21886c6467d28c73d20be0acb4591e9 |
| SHA256 | b827172262cea032be8303aae69a947a8d867006269bb8b2bc7e77619333c1b6 |
| SHA512 | c5316a6b2d77cf2c2949698f9cba92fe1ec57b2ac82d55fbbeffe71b4834ec06e83728a176f5089c91cc9544deda0667f39338f1e9d1a37db69bd8bad4af915a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\icudtl.dat
| MD5 | d866d68e4a3eae8cdbfd5fc7a9967d20 |
| SHA1 | 42a5033597e4be36ccfa16d19890049ba0e25a56 |
| SHA256 | c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d |
| SHA512 | 4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\v8_context_snapshot.bin
| MD5 | dd0d4997dfab65b96aad66d035f6029c |
| SHA1 | 65faa1dbb7ccd902f1f1af544f6941234ff679d3 |
| SHA256 | f033fb86fa92df1be464de590aa312cc016bc5d6bea26672c896bf4d3f1261cd |
| SHA512 | 86b06bd0f91f50bd13b3af179f3f498f10a225d25ba5ca32258f75567e601c3f48f7a3fb436c3b0d2ba53cc9eaaa8f74c95b44458628b0ea716563694a3c7002 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\resources\app.asar
| MD5 | beb74c16bfd0dc4aa145cf53c57f078d |
| SHA1 | 3621b1e9760309474ed137c56689f83c52ca4fc2 |
| SHA256 | 4208e76c63b93f5c2df3fb508a44fa54cb9b9fdf05d125ce631b39c0b409b1e5 |
| SHA512 | 85d647123d1855c0546e70fc9cd8ec41f06a12cf8e09d70e0bfe5fe4ddeec80538cfe58c6f48715b038ffe8d1ce43292e21a8730bc471b351ff3e9318dce16f3 |
C:\Users\Admin\AppData\Local\Temp\58a0b838-4984-4e97-bacb-e89e58c0b520.tmp.node
| MD5 | 6833f7a2d586e5708d7a9f94322ec521 |
| SHA1 | 638e7df644d89266c58677fffcebc3de48136db1 |
| SHA256 | 5fc215576ff581a0a9f96ea248b07fa8a9137c15c0cc1db26365c91f33488925 |
| SHA512 | b3267dd4450b16175adc2d249b7a2043375addc84179854ec8b7fbd086db7021f20044ce6c7c88a083d70acb95a2c5480c05590100a75f01a32e766c2c126b94 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\resources.pak
| MD5 | a1e5aafe5a1509ef461d584c98484ff7 |
| SHA1 | 455a36fff7a12989d0d1fc944a3c8840141d865a |
| SHA256 | dd0cdd9201c5966dcc8b3ac3f587fdb05cad09547e267e0d16b8b1a3cff14772 |
| SHA512 | f98e33fe7e89a7798c6c274b4220c7c5262a2cedd0c0a04c7821634679f71145eca78c7a36a9f576712a00ffbabfabf58c958483d2d69fa9960178a7c3581946 |
memory/3284-149-0x0000000000000000-mapping.dmp
memory/4560-148-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\locales\en-US.pak
| MD5 | 5cc884bf0ec1c702240173b35a421d1b |
| SHA1 | 19bdfb0b31dc4a75e7c135d1a8ef76f5f6cc3a31 |
| SHA256 | 9f0c75c84381360677055d6197812c7a6c42dbfc6134eb8212d8a60ed1ca1601 |
| SHA512 | 48772f50f6b0d846084a0cfb0d6433f2fbf73677b557b022d0d73d04790636c0c40ed873c32fd037013e943fb7c24816efdcde38429520895c00c2d85a17ea5c |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\chrome_200_percent.pak
| MD5 | 7059af03603f93898f66981feb737064 |
| SHA1 | 668e41a728d2295a455e5e0f0a8d2fee1781c538 |
| SHA256 | 04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6 |
| SHA512 | 435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\chrome_100_percent.pak
| MD5 | 237ca1be894f5e09fd1ccb934229c33b |
| SHA1 | f0dfcf6db1481315054efb690df282ffe53e9fa1 |
| SHA256 | f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2 |
| SHA512 | 1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vk_swiftshader.dll
| MD5 | 6b40ce4af617399536d0ea6edc84baad |
| SHA1 | 55c91309fe49af121dd3de9c24f60b8cfea680f1 |
| SHA256 | c64b87d7cebdaee8b779859059a6c63fb47c8102a4f7311d678895f87b825c59 |
| SHA512 | 9c4caddb2f6ba7d17683d662a1d9ecd2efcdf1fc081e0127260f0266eda78b42c684bcad5bccbdc03a06619b9ae4960ccea67472d7650c53e67a5a70be6e36c6 |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\vulkan-1.dll
| MD5 | 4783d34314ef4feb241f4fdf36499521 |
| SHA1 | 89296d6ac36cd005045db7307bf31005d0cf29a7 |
| SHA256 | 6e8beb4e9da77313f40e75c4ffaeeaa522b6f054fd792631ec1efcf8248ca63b |
| SHA512 | 7ef1b0e89590b4af20f182bed9d82d5175d1c8c675fc3d05dc0eb2f834052124c877135fc68b2988683cf35e8b25870e45f7c126349d28125c021c8eeb4998ac |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libegl.dll
| MD5 | 91f11a9181583f75e2b29fcd9050c7f5 |
| SHA1 | fd90abc3048f3347435dfbd1075b8051ac6ffabc |
| SHA256 | 43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330 |
| SHA512 | 925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libGLESv2.dll
| MD5 | 16deb84c2dd1d55ed938a112b6ce92d4 |
| SHA1 | 15ed353f418030e2a3d94c2c77d45605ea9cb3c2 |
| SHA256 | b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8 |
| SHA512 | bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libglesv2.dll
| MD5 | 16deb84c2dd1d55ed938a112b6ce92d4 |
| SHA1 | 15ed353f418030e2a3d94c2c77d45605ea9cb3c2 |
| SHA256 | b49922f98946952e96c03c468a4812e0b1e7a090f4e1f96489f48acc07eba1f8 |
| SHA512 | bb9ea90e01ac7e633d3e27054206c6070b352cce196b7b70b989af2b718dec3506d3aaf62e3074fdc93e7e23839ed15ccb8a508305170e7ba38920ca21f4047b |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\D3DCompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
memory/776-167-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\libEGL.dll
| MD5 | 91f11a9181583f75e2b29fcd9050c7f5 |
| SHA1 | fd90abc3048f3347435dfbd1075b8051ac6ffabc |
| SHA256 | 43a549ff51ce4ee20074999527b19fbf280a8caa7db0bde957704033b6f5b330 |
| SHA512 | 925ac2a87e436219e22a924f615669cb166e8183d6e4dd0f00ed68c16faa3ffa10ab410106a7f81320f10205415bff9d10976f1dc0bb695b9293b80101e4ce8a |
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\2a63572b-8843-4bb8-a6d0-6ef1816c3d97.tmp.node
| MD5 | 10549f42263e31e1a335cdf5824be847 |
| SHA1 | b4e736aadc5f66d7a67255c719773721d55b3d52 |
| SHA256 | 487cec14eea6646be0266a5767b53ed67b49b429036521ee13d0656365fcca20 |
| SHA512 | 018ed34edfd60de37a73191206ace75521a6ac9c588ac6a05dccc576f41cb5233c3c800e14c303d5f0d7bcd707f556d24151fe86c4b163c09b2f3cc5aac930cf |
memory/4804-171-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2DwEX7ROC97Z4oZQ7AHl3sh9TOG\StarshipJourney.exe
| MD5 | 9577b598a462a740878da74c02739c68 |
| SHA1 | 16d0c98fbdaef9bef57000a0c43bb1e083fa20d5 |
| SHA256 | 27c9263ca79405dfc733f59752d632a0cdd9fc892c29c0440eaf64d78f1b194d |
| SHA512 | 2852675c2e104134b6f6d6365bf5cc2d60715060752c6f001a8651a91dd926ec7c537e1840dc899152477b56c64257937ac62d7f2606bce6e04490b60a465177 |