d960d813e436aa80a7e1916e61fe5a5d70544a250bbc65809881e83650f68365

Resubmissions

Analysis

max time kernel
345s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
14-04-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

view.html
Size

83KB
MD5

b06069fcffd0976d0e24a6dd1a0fe28f
SHA1

e4b5ac681dc4a1045e39f1b5969395bd4e752f96
SHA256

d960d813e436aa80a7e1916e61fe5a5d70544a250bbc65809881e83650f68365
SHA512

5bbd933ce72067c4fd2ac236b8b6271c2ff0112b2da67988cf39ed1f4a95afb46252a5b9940c8c11053307dd36ac2455ead7123f1e6f499ea2d90d047b454e62
SSDEEP

1536:EASkVWKyYFiOOCV8Y1ue4bHwCfo4jW9+15RTP:5jGxyiTP

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 26 IoCs

Processes:

JDownloaderSetup.exeCarrier.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejava.exesaBSI.exesaBSI.exeinstaller.exeinstaller.exe

pid	process
5488	JDownloaderSetup.exe
5764	Carrier.exe
1144	unpack200.exe
896	unpack200.exe
5868	unpack200.exe
5624	unpack200.exe
1180	unpack200.exe
1160	unpack200.exe
440	unpack200.exe
3996	unpack200.exe
1084	unpack200.exe
4900	unpack200.exe
5564	unpack200.exe
5212	unpack200.exe
5292	unpack200.exe
2752	unpack200.exe
5800	unpack200.exe
6116	unpack200.exe
4312	unpack200.exe
1476	unpack200.exe
1612	unpack200.exe
6004	java.exe
4760	saBSI.exe
5976	saBSI.exe
5904	installer.exe
5428	installer.exe

Loads dropped DLL 64 IoCs

Processes:

JDownloaderSetup.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exeunpack200.exejava.exeCarrier.exe

pid	process
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
1144	unpack200.exe
896	unpack200.exe
5868	unpack200.exe
5624	unpack200.exe
1180	unpack200.exe
1160	unpack200.exe
440	unpack200.exe
3996	unpack200.exe
1084	unpack200.exe
4900	unpack200.exe
5564	unpack200.exe
5212	unpack200.exe
5292	unpack200.exe
2752	unpack200.exe
5800	unpack200.exe
6116	unpack200.exe
4312	unpack200.exe
1476	unpack200.exe
1612	unpack200.exe
6004	java.exe
6004	java.exe
6004	java.exe
6004	java.exe
6004	java.exe
6004	java.exe
6004	java.exe
6004	java.exe
5764	Carrier.exe
5764	Carrier.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

Processes:

JDownloaderSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	JDownloaderSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

21 drive.google.com
23 drive.google.com

flow	ioc
21	drive.google.com
23	drive.google.com

Drops file in Program Files directory 64 IoCs

Processes:

installer.exeinstaller.exe

description	ioc	process
File created	C:\Program Files\McAfee\Temp4094822419\logicscripts.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\uimanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\wa-common.css	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-en-US.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-fi-FI.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-nb-NO.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-zh-TW.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\mfw-mwb.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-de-DE.txt	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-pt-BR.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-tr-TR.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-hr-HR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\resource.dll	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\mfw-nps.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-sk-SK.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-es-ES.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\analyticstelemetry.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\eventmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\telemetry.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-it-IT.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-ru-RU.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\uihost.exe	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\icon_complete.png	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\l10n.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\wa_install_check2.png	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-es-MX.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-nl-NL.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-hu-HU.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\installer.exe	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\wa-core.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-cs-CZ.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-hu-HU.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-pl-PL.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-cs-CZ.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\icon_failed.png	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\resource.dll	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-fi-FI.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-sk-SK.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-de-DE.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-it-IT.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-zh-TW.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\analyticsmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\wataskmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-el-GR.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-zh-CN.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\taskmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\wa-utils.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-da-DK.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-sr-Latn-CS.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-install-nb-NO.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\browserplugin.cab	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\eula-en-US.txt	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-da-DK.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-ja-JP.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\jslang\wa-res-shared-sr-Latn-CS.js	installer.exe
File created	C:\Program Files\McAfee\Temp4094822419\mcafee_pc_install_icon.png	installer.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

5232 schtasks.exe

pid	process
5232	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

664 taskkill.exe

pid	process
664	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575717191298880"	chrome.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

saBSI.exeJDownloaderSetup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	JDownloaderSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	JDownloaderSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	JDownloaderSetup.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

Processes:

chrome.exechrome.exeJDownloaderSetup.exetaskmgr.exesaBSI.exesaBSI.exe

pid	process
3288	chrome.exe
3288	chrome.exe
5208	chrome.exe
5208	chrome.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
5488	JDownloaderSetup.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
4760	saBSI.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
5976	saBSI.exe
5976	saBSI.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3288 chrome.exe
3288 chrome.exe
3288 chrome.exe
3288 chrome.exe
3288 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe

Suspicious use of SendNotifyMessage 59 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe
6016	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

JDownloaderSetup.exeCarrier.exejava.exesaBSI.exesaBSI.exeinstaller.exe

pid process

5488 JDownloaderSetup.exe
5764 Carrier.exe
6004 java.exe
4760 saBSI.exe
5976 saBSI.exe
5428 installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3288 wrote to memory of 3988	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 3988	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 1736	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 2268	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 2268	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe
PID 3288 wrote to memory of 4536	3288	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7ee0ab58,0x7ffe7ee0ab68,0x7ffe7ee0ab78
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:2
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:1
2⤵
PID:4156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:1
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4436 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:1
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4808 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:1
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4652 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4636 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:5796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:8
2⤵
PID:4368

C:\Users\Admin\Downloads\JDownloaderSetup.exe
"C:\Users\Admin\Downloads\JDownloaderSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5488

C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe
"C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe" -Dexecuteafter=false "-Dregistry=true" -DinstallationDir="C:\Users\Admin\AppData\Local\JDownloader 2.0" -q "-Dfilelinks=dlc,jdc,ccf,rsdf" "-Ddesktoplink=true" "-Dquicklaunch=false"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5764

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\charsets.jar.pack" "jre\lib\charsets.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1144

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\jce.jar.pack" "jre\lib\jce.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:896

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\jfr.jar.pack" "jre\lib\jfr.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5868

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\jsse.jar.pack" "jre\lib\jsse.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5624

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\management-agent.jar.pack" "jre\lib\management-agent.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1180

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\resources.jar.pack" "jre\lib\resources.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1160

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\rt.jar.pack" "jre\lib\rt.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:440

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\access-bridge-32.jar.pack" "jre\lib\ext\access-bridge-32.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3996

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\access-bridge.jar.pack" "jre\lib\ext\access-bridge.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1084

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\cldrdata.jar.pack" "jre\lib\ext\cldrdata.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4900

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\dnsns.jar.pack" "jre\lib\ext\dnsns.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5564

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\jaccess.jar.pack" "jre\lib\ext\jaccess.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5212

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\localedata.jar.pack" "jre\lib\ext\localedata.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5292

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\nashorn.jar.pack" "jre\lib\ext\nashorn.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2752

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\sunec.jar.pack" "jre\lib\ext\sunec.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5800

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\sunjce_provider.jar.pack" "jre\lib\ext\sunjce_provider.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6116

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\sunmscapi.jar.pack" "jre\lib\ext\sunmscapi.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4312

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\sunpkcs11.jar.pack" "jre\lib\ext\sunpkcs11.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1476

C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
-r "jre\lib\ext\zipfs.jar.pack" "jre\lib\ext\zipfs.jar"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1612

\??\c:\users\admin\appdata\local\temp\E4J2DE~1.TMP\jre\bin\java.exe
"c:\users\admin\appdata\local\temp\E4J2DE~1.TMP\jre\bin\java.exe" -version
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6004

C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\saBSI.exe
"saBSI.exe" /affid 91212 PaidDistribution=true InstallID=a045d04d-6cbb-4e2b-8227-7d14531c588c subID=KC
3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4760

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91212 PaidDistribution=true InstallID=a045d04d-6cbb-4e2b-8227-7d14531c588c saBsiVersion=4.1.1.663 /no_self_update
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5976

C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91212 /s /thirdparty /upgrade
5⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5904

C:\Program Files\McAfee\Temp4094822419\installer.exe
"C:\Program Files\McAfee\Temp4094822419\installer.exe" /setOem:Affid=91212 /s /thirdparty /upgrade
6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5428

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
7⤵
PID:1580

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
8⤵
PID:5748

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
7⤵
PID:5808

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
7⤵
PID:2196

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
8⤵
PID:6068

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
7⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\twkhqb0g.tyo.exe
"C:\Users\Admin\AppData\Local\Temp\twkhqb0g.tyo.exe" /verysilent /ppi=1 /ppinag=2 /ddtime=500 /delay=10 /source=lvstqdu /pixel=LVS5091_LVS4980_RUNT /pubid=KC
3⤵
PID:744

C:\Users\Admin\AppData\Local\Temp\is-SBT13.tmp\twkhqb0g.tyo.tmp
"C:\Users\Admin\AppData\Local\Temp\is-SBT13.tmp\twkhqb0g.tyo.tmp" /SL5="$304A4,5773230,1034240,C:\Users\Admin\AppData\Local\Temp\twkhqb0g.tyo.exe" /verysilent /ppi=1 /ppinag=2 /ddtime=500 /delay=10 /source=lvstqdu /pixel=LVS5091_LVS4980_RUNT /pubid=KC
4⤵
PID:5912

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Quick Driver Updater_launcher" /f
5⤵
PID:2500

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "qdu.exe"
5⤵
- Kills process with taskkill
PID:664

C:\Windows\system32\schtasks.exe
"schtasks" /Create /F /RL Highest /SC ONCE /st 00:00 /TN "Quick Driver Updater skipuac" /TR "'C:\Program Files\Quick Driver Updater\qdu.exe'"
5⤵
- Creates scheduled task(s)
PID:5232

C:\Program Files\Quick Driver Updater\qdu.exe
"C:\Program Files\Quick Driver Updater\qdu.exe" cntryphnno
5⤵
PID:5320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1656,i,2183451829298907055,16488826239448690002,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5208

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4508,i,7447082786332118630,10839110169592584063,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8
1⤵
PID:812

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6016

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:4120

C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
2⤵
PID:5984

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:1644

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
2⤵
PID:5776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
2⤵
PID:6080

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:5736

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
Filesize
73KB

MD5
6f97cb1b2d3fcf88513e2c349232216a

SHA1
846110d3bf8b8d7a720f646435909ef80bbcaa0c

SHA256
6a031052be1737bc2767c3ea65430d8d7ffd1c9115e174d7dfb64ad510011272

SHA512
2919176296b953c9ef232006783068d255109257653ac5ccd64a3452159108890a1e8e7d6c030990982816166517f878f6032946a5558f8ae3510bc044809b07

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe
Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
C:\Program Files\Quick Driver Updater\unins000.exe
Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
Filesize
4KB

MD5
2ffcdcf296cacc4c00f8b14ad4e9dbc5

SHA1
e803d8a7d4c5d4f77cd27f6ad030f87b04b65c47

SHA256
777d0caefc78b5d54443ce37e2e8b2d9b72a184b7ea8ed58e0c17782c5616680

SHA512
4fa9a4cad57815cd5ec2aa46b9ebdc1d50074ad8f6421b7f4f8d4aaaaedce8eb30d22ba6eec282729f53f6747e366abdc22fbd8d96eff54a8ee58803fd2c9133

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
1KB

MD5
45e7d82d4ef2dce12716a99c2dd1e8a2

SHA1
a023eb105ccd366dce45d186ceec4873501c1eed

SHA256
f9f61b37e02d82082b25a5e43d68cb1d2f3e766bf3c5731264ee7f8a7f5aa6bf

SHA512
00971b67a48e4c304fab22841ce4223dda5e663cb7b56d9a4760d31371b205fcef790c04e8b688aeaa1e8b64bcc65582fbda6e3f6c58cd650e1df8de84bcc6b7

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
5KB

MD5
65aae5227d9fed42ba3a9c723cf6e02f

SHA1
1b712be8c7cf3a3134831f5e52580c8c540ffc1b

SHA256
e5425b7cc48d0ccfdcb3c2dd6d52dae812e096dd3bda22d30971962f3dc9c8ef

SHA512
3a0c0f1806abc99ac56217d46a1105626fdb5bcac021d62b1b8e0bfe6c0e190b5967960610bb449c933d457b20185ad725194dd7d6f13629edc74c976af22092

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
Filesize
4KB

MD5
725b38a2b2022c0d5f465d6e90ffd0f8

SHA1
f42c185d018f0c4ef62a2d74d07d78c0af1a1d1b

SHA256
2ea7704f6cb967c19843c08e00ac70f3031eba16284075387008066c05bc28d1

SHA512
86a65e08baf33936dcd511be51392831eed1851ccbe44d7ee47356ed8389f54245f1fb15d934c911d33ce82bdec2c5677ab3fd8d21a0c09a7b4643d996b47bfb

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
2KB

MD5
54fb6fce3e1a10b96640df40d807fb77

SHA1
5f4fba73e6ce9532b89919e927f31600a158c133

SHA256
eee08e222a0ed3341e99738c9ab14300b49b4f71861fac69159d201f8e3bc356

SHA512
168f16428f688d1594328b302aa229880e0512d89a1efe8e0dd1dc1330b30a5ea2c1ad51eac3b52ad9d39836cc1a361f67b5e0ed78fa087f7bc2b1b17d2707ab

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
3KB

MD5
5dbe2cef859fb20c6dfc5f5056b533bc

SHA1
a6df485b6cb04ccae6a4da81c53315cca544610d

SHA256
277924f608f7cd301ddcce5d8e017495605a844cb05d86f47edf7063ac5fe857

SHA512
85306efbffe4b3a264fecf3697e1c2ad7d5cf673b5155c0f3a397a7828375a76001ef267d90e6243847616d580fdc4bb697ac3a6d8f20a9b7cdbc16cfc47d540

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
4KB

MD5
23b242a5a5f1c5baec0e274519fa8c6e

SHA1
7104f5f54aa08ddb35e90dbf69b7e62cb97f6c8a

SHA256
5662189178d44b041185e9bb48884cc7ff203f895b5eb0c1d558d5b0906c8fa3

SHA512
5a1242fa1c321e7e77d5543465e9136c0ea47ea4ae890959f9786d72195d4fd343d6b7a684525cd34491e4f3383fc95ecf63dbe29c3d4bd6d0b38a61499a8a47

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
Filesize
27.5MB

MD5
d2272f3869d5b634f656047968c25ae6

SHA1
453c6ffa6ec3a0a25ae59a1b58a0d18b023edb16

SHA256
d89a2423da3704108861f190e1633d2100ecc30b4c40bd835ce54a6934887bc9

SHA512
41072ef6f382cf6d4d97ebc2a49a50a9bd41b53508a8586fd8d018e86aed135e8ac2cdd16bbf725e4f74f14ecfcf49789d3af8924b6d5dfa6b94dc6bf79a0785

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
Filesize
1.1MB

MD5
143255618462a577de27286a272584e1

SHA1
efc032a6822bc57bcd0c9662a6a062be45f11acb

SHA256
f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4

SHA512
c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
577327051ea8caf9ab8942018ee8cea2

SHA1
b8d9564b2e528cea893f78ed87ed1fd8b211a691

SHA256
f709e1f7e948d52968d2fb5ea7da61216cdf7e56ed17d60010a1384c9e5a514f

SHA512
ff5d332a4e9d7e21ba72f4c83a536b05791d67bd74e0ab1f041e45bae7368c2c87c4101225720fa1b51b542d73e0d14d9cbe230107a08ac77fa22e6a14a4827a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
0ff404433aeeb437779d9a055a7f393e

SHA1
02a55bf36cec245f8924a3b2e7af5975f14558bb

SHA256
e8a415f468c3bd6f0d836f6406d163dcdcbc7acc3816d776ca963145a0eca845

SHA512
896bbc8d1a8a976f2718e220bdb64fa56ae04e395866fc6ecd43e0da87375222a8655eb971803378041a94da9790225c1e512ee43090097de898e0668c46009f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
5c687026e5dce9f3744e90e0914eae00

SHA1
8dd1dae2ef94d9a5589d7bfdb57a237713e66200

SHA256
58c6640c9a31a4f9cdf6d3ea522d0af3ef794345826d80aeaadd8b8a7e98fc55

SHA512
b2e410fc48a881200f081c81bbdce137b8cc0b17ee441f4611421085e649fca0bfec0dae772d8d69f4a041f6c73cd170b2318a1ac6bb3d58dfb588f041ba19ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
c4be702ddb75bec80cfa62abfc2f7939

SHA1
0fd5816addd1540ec8d4273ca7ea0b4a0dc91564

SHA256
fc02b7599eba1dc4c1f21ae504c70a79fb99fb842735b3215620efced45a3fc7

SHA512
e110bf8a34fb85f746fbcf25f3350ca206d3a7310bd15e2c502ab4f4a8d03d7266844320a3ae264e3dad8265972ae66a95cf2e0090ea44703a4f05e04a8e670e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
4f2eb592d402344e3ff5806aaa1af2bc

SHA1
51c05189fa9d254bf21e620149486063180d996c

SHA256
6005b032b8b4a5840b1099797b9020825a4ccc76fc85f285fc2677637675d517

SHA512
2dde263e0436a985e50a761bd1b0e5b4ac47f6208cf8d6876efc1817cc423389e59075fc9d994ca571bc6097443b64fd2144d89be7e6f77b0ed34eb011e43745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
0305fb522352bfee2a9a1dae6b015f2e

SHA1
92823f709669843d72bbeccf8301b4e9269127ab

SHA256
ac77525c32dcefab623e43ab509d6f4209489ae7bfc834d5ba5fda5d6fb4205b

SHA512
0f1abefba4ec75e11553f3d366d7013853b5252c8384525190476da0d52bb42c1d9a1c1c93097fd7962820611ec4bcafb89efbdc1def3112464d7240dca34ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
a50b9f8987001576037e205a4991c6c0

SHA1
ce196cd921f175786e502db8afe3ede6223072de

SHA256
6d2bc6e2b27b30fe60308f4b8be16c827c49638bc8327dc2a03f36b6adc0a226

SHA512
a13564a94b60e0d2be5d045cef0202d5b89288fb0c93412750da4103e8c6861b37a72779d41b4ca3cb3fa69d8cf6f5f169b73635e44d9a6cf34f85a620679c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
944f90977d659f5b1e036176f08ff3f8

SHA1
c592a41aae8a3071998b8aeff5b64fd3bca4e2fc

SHA256
3429cb88c3d98bd91747fe161bd55a3a0747cc6983bb497595913b3a93609c37

SHA512
04615efc6fd4ff1607f7243b30ae7af5ad6a9fcabe01c8fbf62c9bb867b510d977a09f40edc36bbb941253240043161777cb777652dd7b2f90b26517847bb42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
94e360f07da68536dd118caceab15b3c

SHA1
72e6674a3f248a3ffa6137b95fe4dbaf5094f265

SHA256
e0d1985901008c47945ce2f036067be96794462055517bea9e5c35967b6aca8b

SHA512
0769809a4ddcb35ce741ecc76e0788684dfab8f5213049a05a7c99ba57d0ad74ca4d8d830d87ee5c91d2b80d99a22256ae5c663c53b73f670475b1b39c6e7a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d7895fb321a8615dc60d4c75fb20e4a5

SHA1
9931ebae422e63ca0881cb94678fdb0f52ea52c0

SHA256
fb3b0bbdc8694d62d3513feeaab5f4c82078bde374a24af884bfc0f4c11dcf30

SHA512
3df30ee9f909d19e35ab39e9bcd54d2c97a26d6ad14362c909526d0c16a0c7fd362676b2b893f9f494ad9b1d611dc93feeed2b922ed87c648115e9d8cbb6b501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
812609faf958a39a617be6debe239376

SHA1
9e83d34a4e130897046111fa7060aa4f62695ccf

SHA256
2719725c5ca7eb0fafe7f699993bb29ea7f81ef050cb287da6c6a57f63a39ff3

SHA512
ee3dcb4dcd48b36ef5aeb52940fb64e59615411e22ef60cc369caf60b44133bf42774e836aaa0cdbbd3ea2d048b04ca68fd4ae1c615bf32b6ce83930236010b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
7f3c9fc1c96ccd75d57cb71129403e5e

SHA1
abba0a0991b4a6c57f42afadeb0c82f51e5d7c0d

SHA256
a5218241d91edb8da8ef0323d6ef9e3779e8e2fff4767e21ef8e1cdc55a47b6a

SHA512
a8085dc5012c327c3c803e8ac391a50577d30b9292f836919f64713357c8b9017fdb22c51f1161adcde78d0f619f30bfc038b10eae517b8fbfa46e099d64bccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
3851ebe71f50268a1245c6fb812328d8

SHA1
421a52a893a44a62ca86c6c31c502075746e2029

SHA256
12f06a1a39445a6a8927553e95ffe8404d3821a05db0e7cb9561f7cb25eff5d4

SHA512
0440dcc13eadbb3e32a27f2357c78cb8b3c7b099e0ca87963fcd7293744d81ee18c1a4964cf46f9227cb95401e6be9c115078d7525cd43191f235f20e5b321b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
1ae09d305568fd294574993bca8e8a10

SHA1
d2c9d1bc91d62edf0f014757f2dd4f770d8d2d44

SHA256
1cb992eda2eacd28c87211d6f91c327479845ca3f86ab29951a4e07242261790

SHA512
334303b7ed0161ea9163306e3691806289452670a054afe750158322dbb7e465de3b1c04dedcbfb488c39a7ae2c36ce859ad7301f60215bb85c74bb17df519db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594dc8.TMP
Filesize
88KB

MD5
fbde92de6225a19ba193c1d08d186198

SHA1
2c2d7769dc8fee3f6663e5bc7f1dedeeabd35768

SHA256
5dc78b3479df1a8ef4cd46fb8abe926603cd77a9e31a49bc191ce8fee65f79e5

SHA512
ad04fbe6c903f37c459f6db8eba6ea8954a4995cb0818816843d8ce943c1024cfe42f0a8f0dddbd514ec2e791013f73a577aa1626f5f760c67ad9776bdcf2cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe
Filesize
27.5MB

MD5
a7bea54cc86e33386a7aeec02ef77100

SHA1
78059909f44c36933de0054b9f19b4fd09b8ca02

SHA256
21a096298cbc3189ce0462d07ae3bb7192794c7c77931db835b4936d25d315a7

SHA512
74ef995bf6f3f164b5981b0cf284862ad458139485341d93cd791901fa965a35c53a362db94c098c4baad9188426ffebd2e8c6dfc5b662c4b5af3540b27f9822

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OCommonResources.dll
Filesize
5.7MB

MD5
412ba91898313a54cf7db18b0e9e610d

SHA1
f1d893e079cd4599fbf0c862df337476c42be91b

SHA256
31640fb6e193a987986c6b655110189d8e30408b00234c955158973ec9e97b71

SHA512
8dd0e3e8ebe43379c5002f6133c49e509964b26fea8c46ed8dfc2687211c6d3a000cfc04edd2dd9d34df03400b5640f5172fa22913d65a784be191aa995ea558

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2ODAL.dll
Filesize
17KB

MD5
4f54b457229815dfa6174eecb2cd639b

SHA1
401d38258e91c9c3a8d5a5ac5cbc6b2e861301de

SHA256
7d3013499d2ec43a6b377ae7ab563248ebcfc09a8f0e4a6bd6a0043292010873

SHA512
fb4373b8f6dd5acc88c3cbb10116f394b5ce7bec078ed04da633c620b0e84ac6cfbfc03ad18b335ceb7e43adfc36e0c7eb19920788fa117f6f0d366e0ccb5ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OModels.dll
Filesize
78KB

MD5
7a4ddb62db0d21cea4ab724e4ad732fd

SHA1
4cdbfac30ac141b6db788c4e4a9eed680ba5ad21

SHA256
41547db61fc5e43e0557ceb44670cbc40ea373feb9e7808fa357fded36d7748d

SHA512
523fe5f4729b06942c252db908d01c48261ce7224995e4d361f4084321893459850aef8ddd18a25474d3685fdf512dfe2f583c0fb749861cf744df1cc46cf440

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OResources.dll
Filesize
20KB

MD5
cfb06ff92b4bbbb61eb9fea6b9a866ee

SHA1
5998200da6c043a82d3f7b37e4770bad80f2787e

SHA256
da79b3c64ddf384b3d6c1864c3dd3bad1973f53db14db6623e360e41156ab796

SHA512
58197170fad4d931cf3f55b376d1c14d8c86a28a86c7141a0b1faf34025928a28444617565b0924250f6193104cd1b02501ec0ae438083336624fa3d41585525

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OServices.dll
Filesize
168KB

MD5
45631ab991cd733c675a5d0abcea00e8

SHA1
acad2f57465173b823541c05588f018559dcf2e7

SHA256
21a2bb14ce7a73a1ab28f0178e9c9a3a8add4d893a3934b465f812d8d541155c

SHA512
5262134ec99aae19f339d8fa814b583f6f407a84d1edfc6844b06f1907b32ccf29a878adc171392b6d7b49d788aa5c0de7b667be65bc950d86ea1be04184b0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OUtilities.dll
Filesize
125KB

MD5
e0ffb8f465efc031de785b841564b1fd

SHA1
ad8a16e081032d4523ea3e84429f07e3aaf7feef

SHA256
1da093c90f1ef01776b506b151ea2b525155344a337b057d1c04665ce1d12de1

SHA512
6fa34f9b1e76fd18f3d136d55cf2f2d652756831fbb67db7d4cc2224892483a6b621e7bb4c925db43ab8e999727ed9dda37360358628adb904d4979456b153ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OViewModels.dll
Filesize
9KB

MD5
74d840d8263deaa875ce9bf40861625d

SHA1
876d6d704e61856f7a4625d13e23254d42383464

SHA256
cd201abf119a063673da03e9fe81e4157031993d3f6776ef0afe9c070600d242

SHA512
a350612516b364a6f1eed2ea4289b1c68d4aee9e4160811f4537e270307e8e25c0ddfdaba9725913a5dd6fb179483247bad4f4c6cb19db2cca8b2da356854bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\HtmlAgilityPack.dll
Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\MyDownloader.Core.dll
Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\MyDownloader.Extension.dll
Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Newtonsoft.Json.dll
Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Ninject.dll
Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\OfferSDK.dll
Filesize
177KB

MD5
dc6d53b383ae4a1389ec23e676afb866

SHA1
0bf4672988a05e292b99000ba5bcc805c1b16d0b

SHA256
49ee3c4bd541bb0f930ca8743aa72063b182db59548254354b0ccc5276295826

SHA512
8f4af4f5384a541e32a27e4489aeb75bd8d9002486ceb281acd62e592f9a3494d85622293b98d7bb5da9cf9f5803873db2bfe2431bfe7f6c9a516c091089367c

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\OfferPage.html
Filesize
1KB

MD5
7c9ba4307c8fa852cdc21898f0638980

SHA1
5f5b065c46aa8a629f95db2e4e47c5c5435c4622

SHA256
c8a08eada415de5cfe32d174d78ffd8750cc9336be8f5688d87c8cda6d2ce7a1

SHA512
fbbba6ecdefb39376e5c71439323b38f20ec47cc6c633d69da5440609b4dd545a8fcb2ffa9998b6c99ed4baa55c42496cc212058c8bbca99c4b9b6eca6278a56

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\style.css
Filesize
17KB

MD5
362fa1bf3819e45f44dea23764464801

SHA1
6ac9c0b66e3dcae13d04fe55467e06b98f245081

SHA256
676c33de0bcd9869319dcde8158da5cd4b49499240592bf6b95122068b23bb11

SHA512
34403c23927be775e96bf57a6ce702af8109cffb26608f5a49cd7e3cabbad358da30a0eaa36927cc7a9f01d61ba5f720ccf41c1f9dc5a97f1de940e83637fdca

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\Config.tis
Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\EventHandler.tis
Filesize
10KB

MD5
1116d7747130f4552a91e61a3a6000b1

SHA1
bc36996a664dab24b941ec263679c9d6322e61a2

SHA256
5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd

SHA512
af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\Log.tis
Filesize
1014B

MD5
cef7a21acf607d44e160eac5a21bdf67

SHA1
f24f674250a381d6bf09df16d00dbf617354d315

SHA256
73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7

SHA512
5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\TranslateOfferTemplate.tis
Filesize
2KB

MD5
551029a3e046c5ed6390cc85f632a689

SHA1
b4bd706f753db6ba3c13551099d4eef55f65b057

SHA256
7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8

SHA512
22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\ViewStateLoader.tis
Filesize
16KB

MD5
85c33c8207f5fcb2d31c7ce7322771ac

SHA1
6b64f919e6b731447b9add9221b3b7570de25061

SHA256
940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a

SHA512
904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\SciterWrapper.dll
Filesize
139KB

MD5
f9ccf333b9891dcc26c780593f706227

SHA1
159e902ef413c6a7e2a668913c3a7c52ff4833da

SHA256
ec5c5e6dabbf9a9cfeef6bb6c5e842c3ee0d5906224b7c30610f736a791ae3dc

SHA512
94214410d1b9ff7782abb6efce794ce3f51af2512686055a27dd5875bf34c7b1610ae5fef60f197c8c46259d930eb17ebd887f7b92b01f1182ca266735e1af7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\ServiceHide.Net.dll
Filesize
101KB

MD5
f534c11d6a35477b069e3fe23b004394

SHA1
1e13a0cbbfd33ee4174f2289c9549967c2a28ad2

SHA256
28dd9b9fc9d950fc9c5d27bcdb78aa76803ca7aa8dae8311f8e51700b9bb3e21

SHA512
b64bcd1796396a4e443a2199ac8d294b6492798dd2c56d067705a673661d8bc7b3b4337cea9000bbc188c9b82969ebfce412af1d071315228f6a50c2dfe915dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\ServiceHide.dll
Filesize
153KB

MD5
ceb35d7cf1620eb138a71c23059ff910

SHA1
6c1ebbfbbc30c8fc02c9742131115d4f760d2ee8

SHA256
b551b3066022b08e7da70e9bd191e691f8a26628633bd8524837319201ebd0e9

SHA512
dc8847c712f0071ec1d3982e05eb5d79cad22484b8e9e1c3c644607fb8d3f08b00b9b94aaadd84d3bed8e802c677df5a090e08589fef8c3fc246a5cb3ee2d813

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\app.ico
Filesize
182KB

MD5
1f0fa25c629e147a347578677ef48c43

SHA1
55067928730e6781b657f26242c13ccc843c06ea

SHA256
ca4422f74242954350de35efa9db4f92ff748ad278b56cecf02c0ca9192460f2

SHA512
baa962508eb3c5c1277f01f25e68b10017d2e0d7dfe876253d54497aa6e9bd6f2f1b4d88fc82bea962e4c252654fcbaf3c12a07e2097dd57ea62aa9aa192f80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\msvcp140.dll
Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\sciter32.dll
Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\vcruntime140.dll
Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\MSVCR120.dll
Filesize
941KB

MD5
d4fca957f344859d45ad0274860180b4

SHA1
0bb8a7a895ab8875bb03048a4541029ee665a4f2

SHA256
c084c86d1642a7775a36e85223cd80549bbee887d6e8b133f5953c37e7ce0e0a

SHA512
934c799f8f155aa381a6c7d3208dc5086fa7bd44a114ad7f0bfe3906e555cd766122f43418d8978cb52538e0ab14fce9e6154064dcaa121e205527a3b718acfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\bin\unpack200.exe
Filesize
163KB

MD5
8a7e94d3c3c2306ade5f2ea359cd46c3

SHA1
18c4a4549d990438ba734c4f7c3a4ef795e4297c

SHA256
09147c13d553dc415af12deadcaa9f11c042b7b94ada6479cf2b598a2cc2db0b

SHA512
220592f6af2ce1dcfedd0d29195d066508ca097604a2198f52d9a32b8d85e0953d62768c02922ac2a898fc410e6b7b9d80d870660ce602245182cc5f63cdbad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\lib\charsets.jar.pack
Filesize
1.0MB

MD5
715bf147a0a6c08d80896c05b1f0a8f8

SHA1
c32f60783b8f88d1156f281292840c9363161cd6

SHA256
73f724323430aa8433d3f1a9a7cdc32f3450d9778253de40104cc3b7f9becedc

SHA512
6b447fa4c2e5299ac66ee4ae74cb37930b71e1be685a45e9e09c297fce69aac6b0293101220f8d84bbdc8c7a2d3e217ff24e5c07f1dc4108ac3db9f7b5d1a931

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j2DED.tmp_dir1713098339\jre\lib\jce.jar.pack
Filesize
50KB

MD5
65b6533ab0d6f390ccc9278bf8537493

SHA1
b188b52fa108e44504bbd8b7bcbcf6dc15a26779

SHA256
73535750ca73c8e4a448e8df7dc3c052a1944e01248f694a5108ac9020b3fb6d

SHA512
c2d0d68e24f0a000a9ee9ccc0b394dc185cd006c62e59715996b40cb6b8d204cf437e260ba022823a45133a5af5db5ef3e81e9a9ab7a86bfd0851d3dda00f452

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
632B

MD5
4c0725b4264303c2e9dd6667bb09547a

SHA1
3c4ff64ff5f82860f3b348b4660d610abbeec2f3

SHA256
74fd4ef7622b9dce99e153f6c9d44cc90b9c50efc3982bc5630c3a3148d38ecc

SHA512
9f5d743749c466a5cfe9b2664e9d560e30df2f8341a33d8551a717c8c22729d6d22db986b9b47aff710f8eeb954110e8718c4614c163728f45c2db1c0aec34ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
939B

MD5
86c3f4c8988416e6347c51fad77a0316

SHA1
cd8db338186dd901e59878e27c77a73caddccc49

SHA256
e190d25aeea592a352af64339a3dc48eb6e9e91d720d64548271cb4edf22700e

SHA512
4920ffdde5b3ae14692c051eac01f85d85224e989bc7a3aadf8aae17807d9e5c4edfb25fb34d76423aa3954874f3a001f498d593e65944584e662f7c67cd528e

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
1KB

MD5
9dc03b63a1bfe292338f8fec8948e82e

SHA1
a03f23a9cf6039331b1e31251effbf7e603be441

SHA256
8d305a22a5ee39cebf7d1e80eb631d3c05dd227ee24768f2bc5ec12c7852b6b0

SHA512
3ae623d3213ad2c9c82dd02d3c110bd5d2b46160287e597ff1a104139c5ba25f71a5a90e34c44c809ba3388161ec7a5c80af275c1b2708dbef547547c1a8ed50

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
1KB

MD5
6025546e1ee412e74b6207b827721f8a

SHA1
ba42daf204a0089bb9c7d5982293d2f9a500dfd3

SHA256
22946945e979711d70288853835fb0437ccf466a6bcf2a65187ed65fa565a037

SHA512
69424d9b298f6bce76fcc73d42c8212c1e4fe47f6ed7bf5cfbadb3f9ea13a17adff24e61cc7a034d3777cfd69020b38d81eab3b1423839421946b5b7d1f340ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
2KB

MD5
fd10506d31ba43db41faa91d0cd09d09

SHA1
d4713fd9855188d19f44e952aeb76fc4e0836d61

SHA256
5721b8fc15211f93d917aebe6bdfdeda12350a626d2a3b030a6a37eaae782789

SHA512
655727cc0e5317cbf44923450e1acdd76c5364dfbd5f275a00f3464d3d96f4fa8161cf81df049f3371a1d10acfa330f8d352688bf9da680a4a02a9b0895976b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
2KB

MD5
dce0d572f3c451014de696e674b7a9d9

SHA1
53e273f0e6e1ba474720ca3e3f734c67bd10c796

SHA256
d3f7a627628d9923c35038fb209d505265ab9a7f61b161b690d4f1f846f2c353

SHA512
978afbfcf0d61c8d70c4b284deed2ffca6517a8ce99e198f638a1059c42cc8492be2f827200234464c92f13e85128338c6b243941c2a7d8726781f49cd7e5e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
3KB

MD5
ed13519723e904a2b53ebdfb1026515f

SHA1
8eaf312409b6143d5c71cdcc511e3baa0f15378d

SHA256
ba6e2829a02287eaef1314bfbd0fb4ec81f621d4ffcfd4ebd63bf519b676d1c1

SHA512
72c9375e85378d5ae5d43417c8e7a8924966124d5fe89d730c8482b40ff516cbb02a3f72d405973cb97e20b9444f18c47721927f8c2c2c82f3a22a75580d7f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
3KB

MD5
f7b6a343fc73e9ce602f09a983425ad0

SHA1
22fec37477d321d46ffbddee956b6652312ad7ec

SHA256
4ba4a8d2b124fc31a4fe6d1f22c176f33ccf224146c12f69125fa37a98385443

SHA512
b16d99f0ce5b585a1b9bd7ba20803733da260558de9781357ffb753633ac3390b2ff5ddaa2fff8bb5cc44e985ae6c0a5150d6629958529525b9b2d7fb587891a

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log
Filesize
4KB

MD5
b2c8e5c11081fda39ae5b01d008b5159

SHA1
56bc4c22f90d5b7e851bc076401d401aeb24c409

SHA256
312767e60ce487788455c27b8e334dfbe73345b825314be3bdf4b442b635ad90

SHA512
d0a7bcea4a6f137816dd5c02663d2c8009de2036b22f0a1b215a50bbd0eda9179cf4594741cf38e7699305e9ccc8dc80c1ecb34b4651d1f316970418b6d0aaaa

Download Submit
C:\Users\Admin\Downloads\JDownloaderSetup.exe
Filesize
30.3MB

MD5
c3c3b50075bd5c87cf500c255dd833fd

SHA1
0b3593f15ebc8424919857d08d016b2cda2b5161

SHA256
a43fa3db0a053119f73a7422453e54318a258a947e8c0fda294b09c52b7459fc

SHA512
f9bd8c26a63b3d7cf6d6f0686a93720f9d3007ae2f196bf195815761b5a38f9fb81f2de6400abd842cc634ab68a14db6741436295a0d667e0b51099dbaf13c9d

Download Submit
\??\pipe\crashpad_3288_OXRVHPPEFWASJYJP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/744-3384-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/5320-3657-0x00000000013E0000-0x00000000013F0000-memory.dmp

Filesize
64KB

Download
memory/5320-3667-0x000000001C790000-0x000000001CC9E000-memory.dmp

Filesize
5.1MB

Download
memory/5320-3656-0x00007FFE6B2C0000-0x00007FFE6BC61000-memory.dmp

Filesize
9.6MB

Download
memory/5320-3668-0x000000001CDE0000-0x000000001CF16000-memory.dmp

Filesize
1.2MB

Download
memory/5320-3669-0x000000001D3B0000-0x000000001D784000-memory.dmp

Filesize
3.8MB

Download
memory/5428-1982-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1831-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-2056-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-2261-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-2382-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-2546-0x00007FF6C0A80000-0x00007FF6C0A90000-memory.dmp

Filesize
64KB

Download
memory/5428-2547-0x00007FF6C0A80000-0x00007FF6C0A90000-memory.dmp

Filesize
64KB

Download
memory/5428-2230-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-2031-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-2022-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-2023-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-2026-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1999-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-2083-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1988-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1761-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-1764-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1734-0x00007FF65D8F0000-0x00007FF65D900000-memory.dmp

Filesize
64KB

Download
memory/5428-1770-0x00007FF65D8F0000-0x00007FF65D900000-memory.dmp

Filesize
64KB

Download
memory/5428-1805-0x00007FF6B7C90000-0x00007FF6B7CA0000-memory.dmp

Filesize
64KB

Download
memory/5428-1806-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-1812-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1828-0x00007FF6B7C90000-0x00007FF6B7CA0000-memory.dmp

Filesize
64KB

Download
memory/5428-2029-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1893-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1947-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1904-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1911-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1843-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-1847-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1872-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1875-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-1865-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1855-0x00007FF6B7C90000-0x00007FF6B7CA0000-memory.dmp

Filesize
64KB

Download
memory/5428-1835-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-1821-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1837-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5428-1780-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1735-0x00007FF6B7C90000-0x00007FF6B7CA0000-memory.dmp

Filesize
64KB

Download
memory/5428-1721-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-1712-0x00007FF6AA3C0000-0x00007FF6AA3D0000-memory.dmp

Filesize
64KB

Download
memory/5428-1699-0x00007FF6C0A80000-0x00007FF6C0A90000-memory.dmp

Filesize
64KB

Download
memory/5428-1698-0x00007FF6C0A80000-0x00007FF6C0A90000-memory.dmp

Filesize
64KB

Download
memory/5428-2166-0x00007FF6C1EC0000-0x00007FF6C1ED0000-memory.dmp

Filesize
64KB

Download
memory/5428-2101-0x00007FF676100000-0x00007FF676110000-memory.dmp

Filesize
64KB

Download
memory/5488-336-0x000000000ED80000-0x000000000F0D4000-memory.dmp

Filesize
3.3MB

Download
memory/5488-466-0x0000000007720000-0x0000000007730000-memory.dmp

Filesize
64KB

Download
memory/5488-177-0x0000000074C60000-0x0000000075410000-memory.dmp

Filesize
7.7MB

Download
memory/5488-180-0x0000000000EA0000-0x0000000002CEE000-memory.dmp

Filesize
30.3MB

Download
memory/5488-1529-0x00000000031F0000-0x00000000031FA000-memory.dmp

Filesize
40KB

Download
memory/5488-186-0x0000000007720000-0x0000000007730000-memory.dmp

Filesize
64KB

Download
memory/5488-188-0x0000000003700000-0x0000000003708000-memory.dmp

Filesize
32KB

Download
memory/5488-187-0x0000000007730000-0x0000000007B14000-memory.dmp

Filesize
3.9MB

Download
memory/5488-210-0x0000000007680000-0x00000000076B2000-memory.dmp

Filesize
200KB

Download
memory/5488-218-0x00000000076C0000-0x00000000076C8000-memory.dmp

Filesize
32KB

Download
memory/5488-226-0x0000000007C10000-0x0000000007C3A000-memory.dmp

Filesize
168KB

Download
memory/5488-234-0x0000000007C40000-0x0000000007C68000-memory.dmp

Filesize
160KB

Download
memory/5488-242-0x0000000007C70000-0x0000000007C8A000-memory.dmp

Filesize
104KB

Download
memory/5488-250-0x0000000007C90000-0x0000000007CC0000-memory.dmp

Filesize
192KB

Download
memory/5488-258-0x0000000007CC0000-0x0000000007CE6000-memory.dmp

Filesize
152KB

Download
memory/5488-266-0x0000000007710000-0x000000000771A000-memory.dmp

Filesize
40KB

Download
memory/5488-274-0x0000000007D90000-0x0000000007DBC000-memory.dmp

Filesize
176KB

Download
memory/5488-284-0x0000000007D60000-0x0000000007D7D000-memory.dmp

Filesize
116KB

Download
memory/5488-301-0x0000000008300000-0x0000000008312000-memory.dmp

Filesize
72KB

Download
memory/5488-329-0x00000000089C0000-0x0000000008A4C000-memory.dmp

Filesize
560KB

Download
memory/5488-334-0x000000000D1B0000-0x000000000ED7C000-memory.dmp

Filesize
27.8MB

Download
memory/5488-335-0x0000000007FE0000-0x0000000008002000-memory.dmp

Filesize
136KB

Download
memory/5488-342-0x000000000AD10000-0x000000000AD1C000-memory.dmp

Filesize
48KB

Download
memory/5488-345-0x000000000F890000-0x000000000FE34000-memory.dmp

Filesize
5.6MB

Download
memory/5488-351-0x0000000010400000-0x00000000109B4000-memory.dmp

Filesize
5.7MB

Download
memory/5488-362-0x000000000F4D0000-0x000000000F562000-memory.dmp

Filesize
584KB

Download
memory/5488-385-0x0000000010360000-0x000000001038E000-memory.dmp

Filesize
184KB

Download
memory/5488-465-0x0000000074C60000-0x0000000075410000-memory.dmp

Filesize
7.7MB

Download
memory/5764-1393-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1519-0x0000000002470000-0x0000000002478000-memory.dmp

Filesize
32KB

Download
memory/5764-1475-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1462-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/5764-1463-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1419-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1408-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1523-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1524-0x00000000024A0000-0x00000000024A8000-memory.dmp

Filesize
32KB

Download
memory/5764-1522-0x0000000002498000-0x00000000024A0000-memory.dmp

Filesize
32KB

Download
memory/5764-1521-0x0000000002488000-0x0000000002490000-memory.dmp

Filesize
32KB

Download
memory/5764-1520-0x0000000002480000-0x0000000002488000-memory.dmp

Filesize
32KB

Download
memory/5764-1514-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1510-0x00000000023B8000-0x00000000023C0000-memory.dmp

Filesize
32KB

Download
memory/5764-1518-0x0000000002468000-0x0000000002470000-memory.dmp

Filesize
32KB

Download
memory/5764-1485-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/5764-1512-0x0000000002458000-0x0000000002460000-memory.dmp

Filesize
32KB

Download
memory/5764-1517-0x0000000002460000-0x0000000002468000-memory.dmp

Filesize
32KB

Download
memory/5764-1486-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1516-0x0000000002448000-0x0000000002450000-memory.dmp

Filesize
32KB

Download
memory/5764-1515-0x0000000002490000-0x0000000002498000-memory.dmp

Filesize
32KB

Download
memory/5764-1513-0x0000000002478000-0x0000000002480000-memory.dmp

Filesize
32KB

Download
memory/5764-1505-0x0000000002380000-0x0000000004380000-memory.dmp

Filesize
32.0MB

Download
memory/5764-1511-0x0000000002438000-0x0000000002440000-memory.dmp

Filesize
32KB

Download
memory/5912-3420-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/6004-1315-0x0000000002E48000-0x0000000002E50000-memory.dmp

Filesize
32KB

Download
memory/6004-1298-0x0000000002E10000-0x0000000004E10000-memory.dmp

Filesize
32.0MB

Download
memory/6004-1317-0x0000000002E50000-0x0000000002E58000-memory.dmp

Filesize
32KB

Download
memory/6004-1318-0x0000000002E10000-0x0000000004E10000-memory.dmp

Filesize
32.0MB

Download
memory/6004-3031-0x0000000002E10000-0x0000000004E10000-memory.dmp

Filesize
32.0MB

Download
memory/6004-1316-0x0000000002EB0000-0x0000000002EB8000-memory.dmp

Filesize
32KB

Download
memory/6004-1313-0x00000000013E0000-0x00000000013E1000-memory.dmp

Filesize
4KB

Download
memory/6004-1308-0x0000000002E10000-0x0000000004E10000-memory.dmp

Filesize
32.0MB

Download
memory/6016-1503-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1481-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1483-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1490-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1494-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1499-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1480-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1495-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1506-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download
memory/6016-1508-0x0000014D9F970000-0x0000014D9F971000-memory.dmp

Filesize
4KB

Download