hxxps://www[.]mediafire[.]com/file/5zrq0334sfyhw1f/ToolLess_Netflix[.]7z/file

Analysis

max time kernel
296s
max time network
292s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
15/03/2024, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/5zrq0334sfyhw1f/ToolLess_Netflix.7z/file

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2492	netflix-x86_64.exe
4864	netflix-x86_64.exe

Loads dropped DLL 3 IoCs

pid	Process
4864	netflix-x86_64.exe
4864	netflix-x86_64.exe
4864	netflix-x86_64.exe

Drops file in System32 directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\combase.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\win32u.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\windows.storage.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\KERNEL32.DLL	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\RPCRT4.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\GDI32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\clbcatq.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\hhctrl.ocx	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\MSCTF.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\KERNELBASE.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\oleaut32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\ws2_32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\advapi32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\SHLWAPI.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\winmm.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\GLU32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\msimg32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\msvcp_win.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\sechost.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\psapi.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\uxtheme.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\opengl32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\dxcore.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\kernel.appcore.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\bcryptPrimitives.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\apphelp.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\gdi32full.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\shell32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\imm32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\shcore.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\wsock32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\wininet.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\PROPSYS.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\ucrtbase.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\user32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\msvcrt.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\ole32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\System32\comdlg32.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\version.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\system32\explorerframe.dll	netflix-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\wintypes.dll	netflix-x86_64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll	netflix-x86_64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ToolLess_Netflix.7z:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO4D4B1629\netflix-x86_64.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
3536	msedge.exe
3536	msedge.exe
4084	msedge.exe
4084	msedge.exe
4208	identity_helper.exe
4208	identity_helper.exe
4164	msedge.exe
4164	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1236	7zFM.exe
1236	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1236	7zFM.exe
1220	7zFM.exe
4864	netflix-x86_64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeRestorePrivilege	1744	7zFM.exe
Token: SeRestorePrivilege	1236	7zFM.exe
Token: SeRestorePrivilege	4328	7zFM.exe
Token: SeRestorePrivilege	1220	7zFM.exe
Token: 35	1236	7zFM.exe
Token: 35	1744	7zFM.exe
Token: 35	4328	7zFM.exe
Token: 35	1220	7zFM.exe
Token: SeSecurityPrivilege	1236	7zFM.exe
Token: SeSecurityPrivilege	1220	7zFM.exe
Token: SeDebugPrivilege	4864	netflix-x86_64.exe
Token: SeTcbPrivilege	4864	netflix-x86_64.exe
Token: SeTcbPrivilege	4864	netflix-x86_64.exe
Token: SeLoadDriverPrivilege	4864	netflix-x86_64.exe
Token: SeCreateGlobalPrivilege	4864	netflix-x86_64.exe
Token: SeLockMemoryPrivilege	4864	netflix-x86_64.exe
Token: 33	4864	netflix-x86_64.exe
Token: SeSecurityPrivilege	4864	netflix-x86_64.exe
Token: SeTakeOwnershipPrivilege	4864	netflix-x86_64.exe
Token: SeManageVolumePrivilege	4864	netflix-x86_64.exe
Token: SeBackupPrivilege	4864	netflix-x86_64.exe
Token: SeCreatePagefilePrivilege	4864	netflix-x86_64.exe
Token: SeShutdownPrivilege	4864	netflix-x86_64.exe
Token: SeRestorePrivilege	4864	netflix-x86_64.exe
Token: 33	4864	netflix-x86_64.exe
Token: SeIncBasePriorityPrivilege	4864	netflix-x86_64.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 4644	3536	msedge.exe	80
PID 3536 wrote to memory of 4644	3536	msedge.exe	80
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 2688	3536	msedge.exe	81
PID 3536 wrote to memory of 864	3536	msedge.exe	82
PID 3536 wrote to memory of 864	3536	msedge.exe	82
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83
PID 3536 wrote to memory of 4828	3536	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/5zrq0334sfyhw1f/ToolLess_Netflix.7z/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeece83cb8,0x7ffeece83cc8,0x7ffeece83cd8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ToolLess_Netflix.7z"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4328
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ToolLess_Netflix.7z"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1744
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ToolLess_Netflix.7z"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1220
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ToolLess_Netflix.7z"
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\7zO4D4B1629\netflix-x86_64.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO4D4B1629\netflix-x86_64.exe"
    3⤵
    - Executes dropped EXE
    PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17158696732616865688,14564103979628974467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2116

C:\Users\Admin\Desktop\ToolLess Netflix\netflix-x86_64.exe
"C:\Users\Admin\Desktop\ToolLess Netflix\netflix-x86_64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4d160b0902e0b3b115cba46d32cbc5e9

SHA1
43d910ff8b35a3fec80921e6a3b9d692802d7017

SHA256
2a28451052881c3e0665aee8d7772bbcabd36186f5391f7ce80333715250915f

SHA512
d0b12dd47f349f79b51b281238e0a6104cc7f73ab4effd09917e74ac1118484606ee160bb72bc6a64b5dfad7f25266f72d4d98746c3b752c3e273731f48b7b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
934b46a69992add04b2253f29ea4f174

SHA1
b7e9cdcd969ce6c88dedee22fa881564c32ddd35

SHA256
c4e2d481e73a1dde55ce4b670085495edd90863938d187f54ed07d35f02b55da

SHA512
9bfe190bb81d63355245ba943ba8d9addedcc234d0d11a5d86fd6f81db640eafe4b348703bf04f71a2fdeba5382364802cdfdefab257deddb774ad49d2703b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
baac32e9e772833c75eb8b9842a77183

SHA1
867b20ec7c36ebfdbfbcc52f9e23846872590b58

SHA256
123f9cd3c18adb88675fcf26524fc87aaeeb07c468fb88246681955839b9c0ea

SHA512
208bc28a1e151e66a3224d292ea2a848f74a370ac37de5f48e6c42546195fa6c5ca0eb71bf37046c77dc04d3d0daf0036f7d75c1340afdec5671f705a557a1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5cc284316bf76d2f37285debe842f3a3

SHA1
790eea5e4f0368b16db1c6a66bebaf4d17c62aa5

SHA256
6e598412466c7f0cc76eb26e93fdda9a2e7b8bb11cda448d820bbeee132b08ff

SHA512
b34e6c1b6cdc29075d2bfe4b11ed8496b1265ee667f127f3400b762d076da5d8b2dafe4fd1e3fd9941a3f7ac88f86a02be15279d706f50e0816d7134484d64b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2235593b0e6edb1c9919abc976509ae

SHA1
1d886eb721e13bfddae6cbcb4411fa73ad1ea0c9

SHA256
c7d349ec6d9e72c99481e5ad052911cadf59b41589d06244cf7fae944432276d

SHA512
6b7836206210680e3087822d0657c74bf0a0d4164499ad2a6160623296f23ec0795f78c40ee7bf4680af36aef14f34504dbc4da56ea2a451c2cc29e7e5711c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c13c3ebdd6133ccd8452f825b6f9c226

SHA1
e0377c6bb09e4c105befd09e6f6587e61f360f7c

SHA256
14d1450d0041935eddd4a9de9b527d671330794857ab0921c97e8c3aeaea4bd6

SHA512
27f3e3565144e6c7d8e78d33a806ce66bda2a1f67a72970e0392f147d8abb6622a0c28f223da25fc35654dbb674523180fea06b9a76eebd4800c16be49eda257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6769b3472540cb898dab5d04d445b4ae

SHA1
6968d811c8f9168b600df321f71107934598aa17

SHA256
eb067632a20254d92c083d22a7c40839493ff72100c672106c67a34d16ad6ef8

SHA512
714513395f122261b8d385db6c04ee7bf2950d6e197b49c3eb499638554f19844393a19f386f326d6da4268460a6a9c2ebb5c4f19643473d1860c91b3a496925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46bb0fbde14d2c59dc6874971e26fa97

SHA1
354d30476895a29638724d27ba7224d456a3a6c6

SHA256
085d06cb4a0bb2071b53035bf1f045582a15b640dd700102ef1cd0560c8f8492

SHA512
338b1e8c00f4b6345c4be441bf649033bb85b5d48df89d220ee835431bccd95a881793d8dedbc342469e4209a1d6c976377a6b708a69d65e42bbfdf5e44690ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad0caf6901dd549f33230e00e040b0aa

SHA1
f7e8a7885524e40be7c499c2607df0273dd66dd2

SHA256
e6aa83be50aedb0a5e98d217caa47827a04ad4e40e9edda8f224c7e1386811dc

SHA512
8937490a9f837a7d6588461e8263be12e683e153e45a8cf81241d55dea1b8a0a67901daa5e46c256f06b45ec83658755202f2f64c254944dbcb684d63b557c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ce70419d3de7ee66eaa8d3606e15cf1

SHA1
1c51803489910746bae73e159f7cca34dba1ff1b

SHA256
23074f14ff3f9584e577174bcaf3d9c1a91d52860e53ca112a31b9231f87097e

SHA512
ea3674147e3fcf75434281c569ad56dc416b929fbd54379e76aa7496356fd944c670e24f577bc0235a7a887cd24be53282bc5dce6c6717d8c9f60b64e6b3522e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
91326d37f1600da9a95d7e422898af3b

SHA1
ce2c870357c101c3b67252183d94183923fb9b38

SHA256
7cbe2b74b3f37f082b1c9219fb2d15b2fc4748294b362dada196d476beebc903

SHA512
0f4386da582278853f9f564eedb9b2cbb643eaddf8be9cc609f19881ca18472cbed942d50ee0aa132a9175733cd29e6450074f40f70e1a4812334f73edb80666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c541e469dae09fdf9b48912d2a64be0

SHA1
d57b9a695c3df5f756b5f17fa74a44f533ea14a9

SHA256
232d9534480f8dd4482f2c1443478c292e599c0939d62ac9e91cf1d8effe6f8b

SHA512
e6edf691cd9f866771d61c07e14dc435b4fd6bab8b92a5f21a3d956c8d4acfddcd69d8fdfa1a1e1fd6b94ba01b1076f0b065bf59f9c0acc299eb8153972843ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
2afdcd20deaf4b966ee3f2da1a5d8711

SHA1
618d37672b54f12a00edfe44b259bb532704339f

SHA256
b99206216f5f6ae1951ce95604595fce6d9c2c6691cf413fa6a5efbe81e27fde

SHA512
dea705098ddb833f598b805352c1d97edd07ee709ba61f9e059be0efd4473f98813b405c8f7b931c10343098246039be842245facd2427d2c41f8ba2eab53135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
64476a28076957f7b1d21efbc8fac521

SHA1
edc8c8052fd40f72e8bbdcce082b566dfe38087b

SHA256
de43706f57473d3921b8184c6831f5c1b5dc1859aba52216325ac4f86e95f38f

SHA512
fd8882982b5e16cb144149d7fc9a36380d42df959aaa4e6425558f053e6ab0c35ae3524c283098866ce9fa92876e5190d13897c5c81ebd9a531e2da97a83f979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588a0b.TMP

Filesize
203B

MD5
66814ea03990e65d817f10f199b7769e

SHA1
e2146b49dbbe5a878f574bf6665e012b74d220c4

SHA256
d3f1dbb02c9cc36fe9c2693bfdfa196a5b03fb59fc49442616e66a29596df6ec

SHA512
5734cd6253c2c0b939f13972eb0223c619c206608d73bd29310ca752f183e2e17ed28a1cdaad19ad9bd9636de5d5714258d7599f74c7015a64d2e240041827c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7a288a869127d968d3532d05c3e82843

SHA1
33ae15342457a6afb7b4073a2e9f41ac250d71ce

SHA256
3638fcba8e0960744db288285289efd46e2ec392b8cc74bfa9ab4d5401b74b42

SHA512
26d6c559fe581fc15a0109dd0f7f5500acf9f1c31b705b477e128bebcd7da0836558c1af9a64ca3e655217c83fa045aa627c88995dfb28b8902a2dc3a2767de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fc94375a1c9a5c63e256f6e0fe818fcc

SHA1
6e8b7679dd6f9dd6d4946e992ad94028c2ad5bbd

SHA256
537dd6293d33cd53004c9703e00d862707c9456b4885c363f2a11dfffe4269b9

SHA512
49b3544357bd089fca6aa26736b3ab96a9f22acadeae57fb6ebca24096251e829288c1eb0dd0e182de785f22bf57d23a8ea19a545a7a733f5a53b05b09425d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cfeeae6fd36009529ccebc8ca8252920

SHA1
2999d610cc3e971429f0820ba40a8e98e2345314

SHA256
54ebad73f4ed3563b88d1fe54d76451597b47d83dd8bff1068fb6d08bfe0720f

SHA512
21667a95852f101d890823a8b0e865f7298601a075d94d68911a7d736c2d543c988ea6c1396c3e31ec63a1f2e1e5cad091188ec0ab644961adc7ff18a97900be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4D4B1629\netflix-x86_64.exe

Filesize
13.6MB

MD5
e0203ebeea32ee6ffd124c6153523ee5

SHA1
cf4daef162400ca695ec732397cb6da2fa997609

SHA256
0a5833dbd70ae0cf6bdff04f031d38bf8a6c76fe9195e81d47fd2b300e08e13e

SHA512
5da4cffb73b99091461322bbeaa4a4e057af823438886262589e74d96ddcf19efd4adc6728dee706e7a0457c879db999b354c99bad5f2b37e99d152981a833e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4D4B1629\netflix-x86_64.exe

Filesize
6.6MB

MD5
5fbf6681fa7f3373edd85338ff8c8505

SHA1
cf5966e360ee37eed6e69558b6c0c9868ae394a7

SHA256
319ee0a0bf696f8135ee6e8e619a19f93704a5d24c5a1b3196f5f7f3c2717737

SHA512
5a5c9cc47066f409263331c0057830cf1d868caf6cb8e6b6e0f5272b19bf2216ef84c18b1b95bc9c626af94db2a95dba20f6948aac37ef2ea83f129663262497

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4D4B1629\netflix-x86_64.exe:Zone.Identifier

Filesize
323B

MD5
c5b72c6ef52b88a144768d8dd659fc80

SHA1
6239345f1cbd33cc022075a6439dce03d1e8dbec

SHA256
ba87cae9c38684c02bb2a624a4835705d3dd87a6e319dcc6303b5a567cc0f2a4

SHA512
0309782d3b66eb1a416192cf1ee4080140fd7def6f2ab901363dc873a1b843131694a0b576c2aedbfecad41917686a5b5d03fad1376654c5411a551dc879ac0e

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\Languages\language.ini

Filesize
283B

MD5
af5ed8f4fe5370516403ae39200f5a4f

SHA1
9299e9998a0605182683a58a5a6ab01a9b9bc037

SHA256
4aa4f0b75548d45c81d8e876e2db1c74bddfd64091f102706d729b50a7af53a5

SHA512
f070049a2fae3223861424e7fe79cbae6601c9bee6a56fadde4485ad3c597dc1f3687e720177ab28564a1faab52b6679e9315f74327d02aa1fb31e7b8233a80f

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\Languages\ru_RU\name.txt

Filesize
7B

MD5
deba6920e70615401385fe1fb5a379ec

SHA1
74ad93cbebf587ac46ab0ef1e3f24139ddd3f535

SHA256
5bcc40adf6e0a2a9c9317f9ac01481271b45ffdd5850d96b562752eee8167b85

SHA512
913b7f3434df10d5e274e6cd594dd7020ceb32b6d81c4df05fd652f41a8b69429635526a4c6979f0dda8e5a0d4351c613f332eac0a01c81486a10f9edbb3b15c

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\AddToNewGroup.LUA

Filesize
1KB

MD5
83bdbb1ba0dd3c8c5a18f125951c9325

SHA1
bd0a80c6bfe473209c04800fd295c0c5505513b0

SHA256
87fa0d759d6b36cba2b5cb0a8c5c3c43312b0ee6f03e077c4ad6b9f748c5f8b0

SHA512
dc2959e6fb806d8bb617bfd2f8be7d524a8e8d639f842a31b37d5c8ce445634a44df03cf03d9aa2f7a74137d7fa50966e284dbf02d3662fa78f68acd5ebf80b3

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\DotNetInject.lua

Filesize
7KB

MD5
019537c21e839ed2dcf6372d4ee5437d

SHA1
c70622fbd9922a1f98ea100dadb1cdaf73a407df

SHA256
f93774c321fe590b26f6838889654b7639d251e0190e3509c3e50556ba0d7989

SHA512
9cb3a81c77aea77cd12b87fe981b06096760da6d32f83b856a454f30d88067710261f6ded11a75c01181d8a789b6d39c9861f03f237a1da36cc0801168e222a3

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\DotNetInterface.lua

Filesize
19KB

MD5
1dce4c5122636604f6ef299e5e6d8211

SHA1
b7149b4539315c699711403d85fc7b7d6943fb9d

SHA256
952bc6a8bfd0070566411ee88ca84f5a7f54c452a4e77790c84cb150595a443b

SHA512
705620c3b2a1bac7de12778fe953ed96c956f04b53c944907e00086fec2774b1202d424e6428c9e1daa0d49376a6f03b4de5b33e56c778c02f6cdcd76cb3ebe9

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\JavaInfo.lua

Filesize
28KB

MD5
1bd760ada69fca61957f15955faa5909

SHA1
e445c15d1c6a8b239f30ea91b047d375408fc5cf

SHA256
aa530743076cac31f77260beac32b9e0e5b6983c2b3cbc8f348d8abf4f0c9c3b

SHA512
e4b57ac348a9d12b9f0be1c96591481d88219fb791d81386c0f66b08058a8182c692186d0eaa27482b427bdc73cd643d57ca3a047be8a52f5790d2abc51d5f5f

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\JavaSearch.lua

Filesize
5KB

MD5
673fc378a0e09bf887e95ffa87d1ada7

SHA1
12a03af2c137e1dc079f417f67150a7bf70d55d2

SHA256
8af39e86394f7b56023753ca517bfdca29dc4f3dfe64a3310eafc21207a61e95

SHA512
dd06ddc7f8ffe6e1fcf142368e1e7035d2f3130b3124a223c9912258552d8984ad8daf12e72253df1c9271cbf1d59d2c40684c4fde5424af16e047882a90ae5e

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\MethodInvokeDialog.lua

Filesize
5KB

MD5
196b14ebdf8de3baf14bca42505990c6

SHA1
4f0ef4bfac987ba7b7eeab048453ed6eed8897fb

SHA256
eef6cfa2400ab5d1b4c59bbf3bdc977d5600ee07c3edc068de84b16eb48442dd

SHA512
5c2d4163a67b7eb2add77a3ab135e952c04067f62f41cc8db4e4eec7ef20ca299280e1902e53b65f8edbe2605071a96876daf48cb386095684c30a9127e27803

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\affinity.lua

Filesize
3KB

MD5
736a8bbd0d34eefd4c1eb6d02b2f35e2

SHA1
9adb98705ca79049c9ac9357ad95cb09ca5277e3

SHA256
6fdfd20755b3ff4f71abbd9f834a916d7f8a9d85fb5e5dca6bbd859cac6de758

SHA512
5890c5a73beb80acfbe9828d62e54510d02b28384fa97ffe853b16d910cfe39e83a93fb9f7c6e79823a694bc08c658afca6b1430d59a48691e27b88b87d519f3

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\andtools.lua

Filesize
7KB

MD5
dbea35855b986c3e529d5f6dedbe5ef6

SHA1
3cc8db2ebed5b515ddb6a1cdf54066e8dc0485a7

SHA256
1142b59d9b5a918b637006fbcd7199c3d561ce08722ecaf192fbf2bcb9b0c3f1

SHA512
030fb90f1caaffde1dcdc72d74bbda7874e62171029704efb44e521eb46f2d1eb75a99e8314b7b72843bb1edd236c38f4266c081d471a56951bc29c5226c7250

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\autosave.LUA

Filesize
8KB

MD5
005a675ddbdf7e8359aab9af19dd7000

SHA1
2dc8ef7abbacff7c11bbdc3e7edfe95a9b2ddeea

SHA256
2102c2a017fe0c15d924891750f2108734c1f616bb8155db075109e4368a931e

SHA512
a756d3f6b4cfd8ac91d30f768f4d4ce3571250f484c6fe00e3e439062cb6a7eeef506799324c97b02e9367482dffb72ca599361a3261e95d203d645ac8bd267b

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\babyce.lua

Filesize
14KB

MD5
2752eb057b40d4490c866315c6f50055

SHA1
0e228ca74cc7c15922e8fce81067cc0c6630257f

SHA256
1a0af003b24d7af4aac1da4f635dc2654b909ea4e377aa7f8100e1423fe56156

SHA512
33c3e6493efb708f06ad3ec2f6072cc24a0f62474734a2307347f43bc4a6e669dc03df9d954337c57aff4e3f7e19cefa0d9740390b2e54fc797c8e8f50e27ce9

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\bigendian.lua

Filesize
7KB

MD5
4b2ee1e7fcff5281b4f39698d8ca5a16

SHA1
9f1924319e471a58c6ee765eaa574baa95918b70

SHA256
ec62e56280d04a8abf6bd1261991a505b2e5901082d8e41c9a6a15592cc9ac27

SHA512
32128583eda5100278f94118bf0fc06c5d34a5812693597f90da4c4fa2303ca4a9e5e69d2f60565492532fdeaf9335272e96c4d2c4897559dede12987ff09bd9

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\celib.lua

Filesize
1KB

MD5
71d6e0185b6841b5c47600a2fd4700a1

SHA1
d8cb206d8fefdb21317085a72ab350af4ff3ba92

SHA256
f601d853c4f6f3224c32496ae7595c5b28e4f1e429400cf877802011d48185ed

SHA512
f43ee6d64e8471224ad635b7ed709ea200d886704eada7d6892d3d70c8dec78f2b4d9870b0b58fd428e7d3ccb3956c92a91d8b2ed4ef1147c57c7ccdcfdc529d

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\ceshare.lua

Filesize
13KB

MD5
b58b18c87bde2a935dcd06ded31b3c77

SHA1
ba8e40d11883ad892bb939dc0317393dc7399b0f

SHA256
c0a7ad4fd5bc521b04fea71e9d1023d9e36f88bb8f6a53e4e8e014923de4c7d9

SHA512
2785aa8957b07822f7e66cd5a9ef0369c21afba29d89bc525de13da43f9fda85a9635d9f3e1dcd56bcf45887645aa795355b0da1bcacfea511a92251b9bcaee3

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\copytoclipboardastext.lua

Filesize
695B

MD5
f83c9de409b7a119a56462385ff846a5

SHA1
fa7ce23fe60bb20c7bb01ce73b6b41eb6ac0c675

SHA256
2a1439ea28c66ac0753eab3a02beb29653683fc438901abd2f5aa426b90210d2

SHA512
b36dae4a02b21855c861ed2d99a1bd4f0a8b7b9ac0121d3f811e5dbb49ac12ec05d78f9b1b5ee443a4967182e3ce2e5a6a191977588f6eee8e4f41bdaa4b6dfc

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\cpuid.lua

Filesize
1KB

MD5
fa2ef4f82b9bdb07a9e719ce4d8b094d

SHA1
7402f942f6f65020919f2e3bad1c7cce3809e59d

SHA256
e23eaa1942ccc7acf92a9ccbc69aa0e4a4d1310de5e2ad92ae688dd3276b4afd

SHA512
0be764d11a9e00723c222f59f3b5aabbd7966be942f2ea5c2e8ae18903b3fe7aed8d6174c164e8ea561d1ae5a56d651848700b34580baf7acf700dcc08bf88c7

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\dotnetinfo.lua

Filesize
80KB

MD5
61388dba068c03a20a0f8de472268349

SHA1
665c3804e435427b782f67f9ab04484de129e3c6

SHA256
0a74625171588b96539735526e358a108ed911e7c196fb8e6f06b1d4b035aea5

SHA512
bcad2344df701d1099448ddf6e6f77d79f0f58d0aa390afffafde8d426d6ba52d590aee66dd46d0e3a339d0e03456539f0ec20f4679610ea505987181fbe72f9

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\dotnetpatch.lua

Filesize
7KB

MD5
01105e6712c4a3bc94dfafd16b17e174

SHA1
39c267a31e15d8a49467c33d883fc5a388282e85

SHA256
ef25316d45ad4e9c95908f24ce77fad3f9064178a18bc87fda02001cc835617e

SHA512
78fe71cf3afc2f5433df65052a349e6ec153547a16217912a911e6ec40908df121d5c0b7b29e41c7eb62f5e3258ec248cf5dfe9a0b55f9041d3fab0f6c3ef35d

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\dotnetsearch.lua

Filesize
14KB

MD5
60543df7087b2882acaac2adf386721b

SHA1
b31054aeebece5dcabdf78c64b908364545effc0

SHA256
f6a74f0f4bfcb249d976aca079bc1c52128bad6cd78aaa85930c2dbcdfd80388

SHA512
5875ea77810f79bae658755c413902d04fc318f8dc2d734bbf1396d55c80fe276adce44b36bca6f8b2066d35044583fb155c84d74fdc8c2df3a881adc68f2408

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\emurpm.frm

Filesize
1KB

MD5
fa01b87f59a9a20a794004e1421fde53

SHA1
d14059dcbaba7cfa649256c711e68adcac9979bb

SHA256
931db1b793e0921713998b0789732e13c8d479f15186456b1e2fb9746322732d

SHA512
5d77e5635efa2a4928aa28b7f77025ce87bdf4656ea2b9376d699dec92689e7cc7186929d775c1d605261d799c0fbad6367da0759cac6d199aa75f33f598b40b

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\emurpm.lua

Filesize
8KB

MD5
d480b6929eb8a674ceb6c8b33c75d446

SHA1
f590d9aad3a756c6255b2c3d45997bf7107afc1a

SHA256
8806ea82a0115d322110fe9fcc60796398daeff28ed1c220fe36269462dc99dc

SHA512
566d041d96c50742cf9d048b89aa1cf71eb713714f902fff147c45494308822f14044c7aed9b7792e3a27b261d0e9201bd4efa224e9e662e3f2d29c68327ab1b

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\java.lua

Filesize
85KB

MD5
8348b162a9493ed769c43cf665789332

SHA1
a475c3413d6da71517a9c10bdf4576674cb5567e

SHA256
10c9644a61d703576766f6152cd585b187291f01302e72463bd66f28d6e7a459

SHA512
8de45db04030dbda671fd83b340bf6a924b12005cfe26c81e7c30216e6df04c62dc20df243f7f6e68f225dc77e274af8dd3bfc9e7807910897f1d1e3c0cc0c47

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\javaClassEditor.lua

Filesize
52KB

MD5
96a64006f752ecd75faed81f86212f93

SHA1
1889ebb9c206866a7096f6ecd5b7cec628dcdcbe

SHA256
4f0e7249a20147fb1e364b5b182d990e6d00bf6a2624edaa368b65142dd08408

SHA512
01f01661b7c8dddc2940fb8a6e3384c5bebd1560703e510e7ec029a294aa0a49486b6948851d99c01594cbddf75295d2f38ab4c1e7760afa3e40b15151b0fb2b

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\javaclass.lua

Filesize
17KB

MD5
e4fa493cbf4f5e932dce648a78800616

SHA1
b82c12b23ae06ac07ae61b0b599f055dc879c949

SHA256
acfb9fda20c347d8b7b2e513d38d2692bd054ae90b88e846460e66b986dd8d1c

SHA512
e0c4b9b757d4f38dbdb2c5ce11fa27ee742eda97a20f098d38300c8dcf27015d5cfc8bfd658b6a7f48cfdece9645da633c32b18050598a368432f7b026826823

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\luahook.lua

Filesize
12KB

MD5
08a55bfd1dcf6702c39bd107d350d2c9

SHA1
adf27ce42051d8b53b1fb011e57b0a05f2c9b8eb

SHA256
f9fb29fb5b7fa3a764ab4d58724f3978655d72844f50c12e1b86d3994d627e78

SHA512
67621a6d86d34296f821381ace800d1ec3f8dda69589104aa83f9f6d23233dd2b39221ed378404d608703587b20a87f3acb15cc5cf7293b353b40374934689db

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\luasymbols.lua

Filesize
629B

MD5
df4d243ab0407a1f03ccf448232fcf62

SHA1
62453cfa7abf6fa83158be1ba86c854d9a6b7d4b

SHA256
c5a35380af8bebe96b85377f5f41f8c068cb857c74b9cb85b7467b35c1de10c4

SHA512
4b05b65909673e92f59ab64c1ff4e0b829f5c9085eafa1fff28cb0ccd7e6a7f6ef031633f443e0ba156a4b8f5009f526d0356f39ef77b22706f98f100b1909c2

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\autorun\xml\xmlSimple.lua

Filesize
5KB

MD5
274946677cb1fb1c63a04aeb641e21d0

SHA1
b4c71b59792773f20878e3ba582331cf4ea7d592

SHA256
05258e280f53c5905ae374f808f4383cfd0898f6e620d875136edeb0fdba34f5

SHA512
aac74d0da491ac3e9465964a3861f93eacd63d2c445c1f235fed444f60f9ce19d3bf5069bd012ae72593516db96ca4a0fdfa07e83218466743551cbf1a6a64ef

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\clibs64\lfs.dll

Filesize
125KB

MD5
5e8ad34ff069b6a2e1ae00bdfe96b612

SHA1
3c83aa3ebd95d9a060ed1f06e236e046c6cd93a7

SHA256
4ee8d3375f2eeb8e5afb230d13c2cf9ee0379b0edfa76ad8dbf5ebc686a629c1

SHA512
54404199c3b5b3597dc8fb5a6e3c6772f2729045aa5c9aee648c4306358481def2bc15538899ab5e0f5e33d202cec863348830a090b144e00d1662ccf4175828

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\commonmodulelist.txt

Filesize
1KB

MD5
cc0f8b66bfedc67da8dbb2a7df2aa006

SHA1
c6d86cc43a042581e389dc9a28affddf64294ac8

SHA256
cddd0f35f7351e6f19486ccd7eee5d31f0134c5c3554a12c7d51131dde8e29cd

SHA512
a4aec40ac6bea2adacf15829aeeebe66117473a542303024669a828710c6afd072c0f4890a6a334b35ac894a1a80a5bdd5e91a6ffcb7149540e304117a7e5800

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\defines.lua

Filesize
12KB

MD5
62e1fa241d417668f7c5da6e4009a5a6

SHA1
f887409e3c204a87731f317a999dc7e4cc8d3fcd

SHA256
82e8ef7df20a86791cef062f2dcacb1d91b4adc9f5dea2fd274886be8365b2f8

SHA512
2283cbb9e1d5d53ad1ed9bc9db6034fb3c53c633b11001f373523640bbbba95da9a3a0866c7d5fa0620facab7d18c8577dfd69496fc7319e0a4a74d0b9e10c45

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\lua53-64.dll

Filesize
528KB

MD5
b7c9f1e7e640f1a034be84af86970d45

SHA1
f795dc3d781b9578a96c92658b9f95806fc9bdde

SHA256
6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff

SHA512
da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\main.lua

Filesize
201B

MD5
62771a63fdc87764bff87d82918ab02a

SHA1
8e468ded8ced87a10470bd5594337a854ff344ba

SHA256
5c16124ba0b39214becb1af4161bd82147ad8468879a3fd8e9facc656a1d2e6f

SHA512
8d1792b712504336cac0b175146f2b7eaeda043bd3941c7b7c54cf926a4ba4835f0eff7a2ad5c7b5509f80e7420c3f5f94200d4c3f922db92b807e20e09a84d0

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\netflix-x86_64.exe

Filesize
2.2MB

MD5
88c9cffcba6c8278b13d8ca63307adf2

SHA1
b8b8564477064955525d6a81a3441132356ea2ef

SHA256
686810852c96f1b0e603dfb97fa014cc67200c66a714ff4cddd3b5ab7af5e558

SHA512
c9fed3f6c6e14223cffc11b1cc9768d89806dc9239a4982a5dfa88f318f00e459da267899c58a4c7e7a55d23adfb597fa7de9187e51ea0f5154a3990df91daac

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\netflix-x86_64.exe

Filesize
2.8MB

MD5
29f30036ba8b9a5078536af3c0e3f541

SHA1
25e51050ae0c80631a4bc0ce27c16ea580662442

SHA256
c922d804b734d904857652f6a534f65d5feeb6d15f6d2e6be8768fe2419d537d

SHA512
0b31285dd6a379e2ac7bfaffbf0ef43753c4fe19d930ec9724514fa7a01ae30db364c3eec832493023a8b05ab94703f3b5439df42a8444401a62b38f5c8b3731

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\win64\dbghelp.dll

Filesize
1.1MB

MD5
59657c57866407cf1fbe5735d8bea448

SHA1
557c8093acbc07b3b2bb3a0ad13fb9e93343fcf3

SHA256
83a6a702b29a7b270bf69dd561b99426edac33c35cc0c17b91752e5698f11e36

SHA512
17aac904c2ecfeabaa41bcc43a0ee6987c931b38c934b53f712ec87dfaa8837e0ddf3fee187c930200556d1e82b01d89ab03170e053af9c7f24e2acb8237ec5f

Download Submit
C:\Users\Admin\Desktop\ToolLess Netflix\win64\dbghelp.dll

Filesize
1.1MB

MD5
e3914839957c974b2906937eb5007849

SHA1
9840797ff079f780f9d60f366bb6cec484c7b9f6

SHA256
0b6ecd5ee132a1a8169ec4ed75227881f03759239654c7d5d3e98595bd4a4be3

SHA512
c18abcfc1128a949b7388606ae91c7ade4ca7db78f64e49b2be54e90944e8cb87dbb0266432b8d1325674d432f00a700906330956fc24bbab56a542e7f6a81b9

Download Submit
C:\Users\Admin\Downloads\ToolLess_Netflix.7z

Filesize
8.0MB

MD5
0684ba72a7ca7071ed54352e57090232

SHA1
e4bd872a3fa96deab980158fb2828561138d84c0

SHA256
b736119b64d07e3c89f78dc229aa38f38f08eff9718eb1743c1eea69c913f856

SHA512
252a43f832bf1addcd9b01b9caa390b05f33d2e6e9a3e9b9fd8416e9cc5156704c7e8a496126815eb0c16e1f26cc1d3bbfd33dd405c9d5469fcabd5376862970

Download Submit
C:\Users\Admin\Downloads\ToolLess_Netflix.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4864-997-0x0000000006D50000-0x0000000006D51000-memory.dmp

Filesize
4KB

Download
memory/4864-999-0x0000000006D60000-0x0000000006D61000-memory.dmp

Filesize
4KB

Download
memory/4864-1001-0x0000000006D60000-0x0000000006D61000-memory.dmp

Filesize
4KB

Download
memory/4864-1003-0x0000000006D60000-0x0000000006D61000-memory.dmp

Filesize
4KB

Download
memory/4864-993-0x0000000006D50000-0x0000000006D51000-memory.dmp

Filesize
4KB

Download
memory/4864-966-0x0000000006D00000-0x0000000006D01000-memory.dmp

Filesize
4KB

Download
memory/4864-967-0x0000000006D00000-0x0000000006D01000-memory.dmp

Filesize
4KB

Download
memory/4864-984-0x0000000006D40000-0x0000000006D41000-memory.dmp

Filesize
4KB

Download
memory/4864-971-0x0000000006D20000-0x0000000006D21000-memory.dmp

Filesize
4KB

Download
memory/4864-969-0x0000000006D10000-0x0000000006D11000-memory.dmp

Filesize
4KB

Download