7fe21d2e184759989b487be1c0583d586f398d1060228a4384e2aa5a224ba0c0

Analysis

max time kernel
469s
max time network
470s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Prax (1).dll
Size

8.2MB
MD5

8c68a4a14bf7b18597377a7318813a53
SHA1

74a47ddfaf89718076eee1c4a3c362a6bb799e09
SHA256

7fe21d2e184759989b487be1c0583d586f398d1060228a4384e2aa5a224ba0c0
SHA512

c7b37190648b3a50fb679c8a7459952f6cdbfa081189c5d91df106d727f3c8f4c8ffed1479e2f064ec603d240d9b03f1fdb69ab2f0f68963a0b3b02058830645
SSDEEP

196608:mLKcsvdVNkdtxGhUKUw5Azp8QdUTvHFqvPs6yoNlgLdt450zK09K:mONjyxxKUWAzWIU7HF20v93454Kd

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rundll32.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rundll32.exe

Executes dropped EXE 1 IoCs

pid	Process
5132	StarZLauncher.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/4044-0-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-3-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-2-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-4-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-6-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-5-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-7-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-8-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-9-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/memory/4044-52-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp	themida
behavioral1/files/0x0008000000023509-1122.dat	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	StarZLauncher.exe
File opened (read-only)	\??\L:	StarZLauncher.exe
File opened (read-only)	\??\N:	StarZLauncher.exe
File opened (read-only)	\??\O:	StarZLauncher.exe
File opened (read-only)	\??\P:	StarZLauncher.exe
File opened (read-only)	\??\E:	StarZLauncher.exe
File opened (read-only)	\??\H:	StarZLauncher.exe
File opened (read-only)	\??\I:	StarZLauncher.exe
File opened (read-only)	\??\X:	StarZLauncher.exe
File opened (read-only)	\??\Z:	StarZLauncher.exe
File opened (read-only)	\??\Q:	StarZLauncher.exe
File opened (read-only)	\??\S:	StarZLauncher.exe
File opened (read-only)	\??\T:	StarZLauncher.exe
File opened (read-only)	\??\G:	StarZLauncher.exe
File opened (read-only)	\??\U:	StarZLauncher.exe
File opened (read-only)	\??\W:	StarZLauncher.exe
File opened (read-only)	\??\Y:	StarZLauncher.exe
File opened (read-only)	\??\A:	StarZLauncher.exe
File opened (read-only)	\??\M:	StarZLauncher.exe
File opened (read-only)	\??\R:	StarZLauncher.exe
File opened (read-only)	\??\B:	StarZLauncher.exe
File opened (read-only)	\??\K:	StarZLauncher.exe
File opened (read-only)	\??\V:	StarZLauncher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
186	raw.githubusercontent.com
187	raw.githubusercontent.com
95	camo.githubusercontent.com
100	camo.githubusercontent.com
101	camo.githubusercontent.com
102	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4044	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612088150993355"	chrome.exe

Modifies registry class 49 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Libjector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Libjector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Libjector.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "2"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Libjector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Libjector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Libjector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	Libjector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Libjector.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	StarZLauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1852	chrome.exe
1852	chrome.exe
5452	chrome.exe
5452	chrome.exe
5060	Libjector.exe
5060	Libjector.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe
5132	StarZLauncher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5060	Libjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeCreatePagefilePrivilege	1852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5060	Libjector.exe
5060	Libjector.exe
5060	Libjector.exe
5060	Libjector.exe
4836	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 5056	1852	chrome.exe	91
PID 1852 wrote to memory of 5056	1852	chrome.exe	91
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 4444	1852	chrome.exe	92
PID 1852 wrote to memory of 3560	1852	chrome.exe	93
PID 1852 wrote to memory of 3560	1852	chrome.exe	93
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94
PID 1852 wrote to memory of 1452	1852	chrome.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prax (1).dll",#1
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5c8dab58,0x7ffd5c8dab68,0x7ffd5c8dab78
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4468
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff67f85ae48,0x7ff67f85ae58,0x7ff67f85ae68
    3⤵
    PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4404 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3300 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4860 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4956 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4988 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4424 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4548 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5412 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4416 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5564 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1964 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5936 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5948 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5996 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1996 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5564 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3084 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1660 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1552 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 --field-trial-handle=2004,i,18391803538120119750,6352086759919976621,131072 /prefetch:8
  2⤵
  PID:3148

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2900

C:\Users\Admin\Downloads\Libjector\Libjector.exe
"C:\Users\Admin\Downloads\Libjector\Libjector.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5060

C:\Users\Admin\Downloads\StarZLauncher.exe
"C:\Users\Admin\Downloads\StarZLauncher.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5132

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4836

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a829cf2458c84d28bc00c619c47aad19 /t 5140 /p 5132
1⤵
PID:5504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x4e4
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
326KB

MD5
56fcce1e196bca8531644cca3bd7f9bf

SHA1
8de29eb2ba703cf628c5664e0ad9bdd677f7c586

SHA256
be620254eac5e0c239e88a0372ab2428a9a6322cbe3843edfdffdcf382ce1c32

SHA512
93a4923341b99810a5d6700e26a99a525f18554380714afc3feaf9244bbe23fd4a060468899dd1d8575a6cc2c542566c2912fecf1d4f67c62cdcb77789eabed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
133KB

MD5
4874fb82da9e619ba014c987a9d29f4e

SHA1
496a06b6bb1551f79ad40d25b06cc63c4754a5ff

SHA256
d24e3cbe3927d6225fb5aa27b745caf8b079266e9387c1b755fabc33b48c60f4

SHA512
488b6aa4ed0e810311b9a40d82707008fb01036aec8abede9e947ab9c6495b9455691caa7398b4f597546237aa3f34cfc10c7687889952b1db706c4bbe542efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
136KB

MD5
781db5b363abe3e322d3f8ee548c88f2

SHA1
19102e7ed0cefe1659bcfbcdbd1e3b69e0916ecf

SHA256
8db01a994dd48ae30121c6693971ada5ca9e0f73b7abc0c81fa8b2edd3d7dc33

SHA512
38db36107d0158bb43e8684664f7d416ba155cac95b7fb936d275d7350178c5ec1c6d2e85e36a225077310ca0cb20322b428e0a3a004d2f87241f6506a969585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
46KB

MD5
b4e4c40ba1b021933f86142b1010c253

SHA1
8901690b1040e46b360f7b39ecb9f9e342bd20af

SHA256
a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae

SHA512
452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
19KB

MD5
16c0a2c82dc0ab50f23123f7ecb11f51

SHA1
fbaef7794f352126af25aedaa99f1bc22d131f71

SHA256
5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d

SHA512
0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
95KB

MD5
0f978383950b924d31b77aad56c0ae79

SHA1
4481f7635c1cf3d98c542542d0106cfe498446e1

SHA256
afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77

SHA512
b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
800KB

MD5
f941c2c08f149ec278a55f7db3bdfee7

SHA1
24b15cb166be8be824361ba53180cdb1d292af9e

SHA256
0f6c0b2a6d8a24a748eb606d40d97cebe53b9a8dd07c65ad07cc8e2ae190cbe0

SHA512
64b7d47cd96af8ee27036de1ef430372e4950a9b75d0b2ea6d040e941fa22cbe515f8a2dcea6415eb129fa00b6f277ad51cf376e82ef2256aad78d04707dc75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
94fd864eff41d2466c55e3d0d47e92c7

SHA1
2c8ab5e8d1ac7f09af3c09de7575f8ad55706094

SHA256
b7b245e311013279605a274aacf18e2f9314ea6c275aa4c54f7676c63f9b9248

SHA512
4e1f2656222174c5442a5af47a63bc56acb71d8f34809aec6f33e15f6e15d6e8e81f72a8aff925c09bc2d4a0d9f55b408d7d8dcb7ec01519e431a3dd28e1f682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
47e0f4248c634be5cedb46bed6d81ae6

SHA1
bdc8fa7b22229a0fdceced553dad64bdf2364bd1

SHA256
bb6129dcb4e1ec91c91116293af9545c4550a78792cebbc74216a193b239bf40

SHA512
7f7352b98d26648d532b1ca8c21df9306070a7e30791bf19c9b525e2046b48d06c6cd02e70db0c48ce29e3938f3f993d9881d0421fba0232d9d46f5cd9e0146a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
44KB

MD5
13c12dd8035a11f88f36de3b9dc964a4

SHA1
25fb02df3f77368d59eac2e7a1c59fabfe9ac9b6

SHA256
f58cce418d2df873187a718cd5a0d609c711405480c1b56f004d304107c87171

SHA512
7944f16894141495458ea9957172ab4ede54eafc76c50280075ce55f9eca941ffe7c876f2ae2536d7492da0cb340aa8094681929b96a428bf9fedfa47c8dad86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
48KB

MD5
0f2b395cc63db1bd8a5d093e558cbdd1

SHA1
833d0657cb836d456c251473ed16dfb7d25e6ebe

SHA256
f3797115dd01a366cce0fbd7e6148b79559767164d2aa584b042d10f1ffd926d

SHA512
e8a4ada76efb453c77a38d25d2bbd3a7f03df27b85e26ba231791d65d286fe654c024b64f9d6869824db5d1cf59e4d4eb662f5a55c326e5e249144ae1a66b798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
21KB

MD5
6b528d140a964a09d3ebb5c32cd1e63a

SHA1
45a066db0228ee8d5a9514352dc6c7366c192833

SHA256
f08969d8ae8e49b96283000267f978d09b79218bb9e57037a12a19091d4a3208

SHA512
d3c281c3130735c89ddbf9b52de407da75a3d7ecbf0026e0de5995f40989883178cd59198354976aaa2aa7b47fc5f3f3856a59fe1463d4e2fdb7a27e9f10e76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
21KB

MD5
c355eafacb45a36e6f6d6dbd52b55b95

SHA1
2016f7f6ab53f96e21204b4dee24a9b8156f5283

SHA256
2dbe980b7a73c9d1cc2779423ae78b1e4521732934c87a29ef5141deb8e436f7

SHA512
0cc5cfcad9659b6d2bdf9f28563905acf3cce6d2a9c3ca7b07d15a2700aeabaa162ec0cf9cc04ee86983470924d5502b4d4ea0e74e00eb31e523f463ba025dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
65KB

MD5
f1fc61e461568046dc2698352c29268e

SHA1
dc5703281b3342f0ce7abfc5b4d0c436fc58e5e3

SHA256
cdacac9f40b1d5c881189fb9737871bfb0cc8be4498d2b2e6268b4655ecf3e52

SHA512
45edada3cbff374838b628c434f87444da8b2d8b1c5b07b9016f153877add5b8f353c259c66832db7fd4e3ae2c5aeeb05a44b3c592d2b3c60e747ef4d0a600cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
150KB

MD5
0b1dfab8142eadfeffb0a3efd0067e64

SHA1
219f95edd8b49ec2ba7aa5f8984a273cdaf50e6c

SHA256
8e2ee8d51cfcc41a6a3bfa07361573142d949903c29f75de5b4d68f81a1ae954

SHA512
6d1104fd4cfe086a55a0dd3104c44c4dba9b7f01e2d620804cf62c3753a74c56b5eae4c1dc87c74664e44f58a966ba10600de74fb5557b3c6c438e52cc4decdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
21KB

MD5
bd84da3a0e12250829b9f698c709fc4a

SHA1
2d6015d88fb9848dba8d7fd160b16ecb7d402db7

SHA256
bdbaf95bef3c2dc8d077978f2d05b04886970fa3b3d238d8b4e7f5c3f966e81b

SHA512
9dc5818adf84a5dbf1cb8cf541711f8d73ef36f04b2bc734a680c0a2277202d092c08510ccdc0e8d90a8b6e8853c5076a2b1fbbb4756ff0cbba6a311720e2c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
24KB

MD5
b425a3c0c715d4ba7c6bf4cec5df69a5

SHA1
c3bdd73bbb0ad57b910718a10fa2ceac8ddb778c

SHA256
78027f1f209368cbf00394cb383caf948bbf1c642ab94934cd0a9ad266530e6f

SHA512
125f0eb751c62ae74682f03ebb3e83f5ee93f5c22b2b94a4e3d558cc3da04ca7e2f0f0b9c788c9b9abc32b823c849919b74d9f13662a920d8cf0906a661e676f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
22KB

MD5
4706a7442fdd39a4da3e5be65fd6d2c4

SHA1
ec12e6ad1c460b2df53d0f27bd10becb1bad22b6

SHA256
18e182bbf8b402877e45bafdccf984e66a8ccec2ed9766e1ce521e9f73bb43a4

SHA512
f4a4907ecac396dd8173ed2c3a9c38d62e83c93b695fa905e1cf522050eef413317b4733240b66a10585379e2b55baca2a792b968f10a4acd140525ffb539b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
45KB

MD5
a26ff70d800993d6bf2e3c8a422089d6

SHA1
c5a37abb9130f5f60197d2eba9b15bf973144b30

SHA256
7da064de77fbd05efda1558ca289f6cae9e23f2f01213835c5b97e3d8469c577

SHA512
7436a872f5a18f96233612725dbc80bea0e7ce006407012b7d6d20fee20b4a34ba01aa3715f285a62845c4036470da8e749ac8196dfdae20f8c6a347042809ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
777KB

MD5
02f1e6a07990eaa5965e6f39bafec8dd

SHA1
52b7e802f434a56efbbf2051b5c3a587a4e86f77

SHA256
a4af770b2335a355861262b7265745b85e35d9c43a881b7a2b9cc50517198846

SHA512
06febe1a6bddf8738bb197ea76df21e53bca61ad6aff6acef310d8a36f234003a32620e0e27306af6122bf67a7506feff34761aa4357ef450042fd76d5c1cc63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07a0c4a3e1abceea_0

Filesize
1KB

MD5
32ffd6c5c860f610033696e1c258d9af

SHA1
4f85bfafdf64d149f54a18ea9fb5802b1475e33a

SHA256
1b091093157f9f5b9d764fddadcd0c4d9723eec06fffa3e409c26f2521f8fe65

SHA512
991e8b6ea874e432df047db34391d0f4e34cf00a5656967ff7f13dce400bee22c454cad4acbb9e0b6f43c4fe00de62509193800ed77f44835a820916ae439209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\230626c44da2ff73_0

Filesize
7KB

MD5
63e22b9ec165c6efd12492440904237e

SHA1
4fdc18663261b064c79b9d7614a6be58e0eee985

SHA256
e124084976b1a34687b39bdad1f21b681285da6fe049ad4c76456b4f242cd7b0

SHA512
99003423b793685f6e9796047d7b09d3ced57e2f9356881b80c3a4888d22cabddbc437a3433a20daebba4220c0fb0db91ad4934fc3d1e97954b77a2eb1c81382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c1b71d6c92f4ff2_0

Filesize
3KB

MD5
3b56c4f107e247285726e6b0ac273097

SHA1
fd28be3cbc8242fbbfbb29110b1f27d4be883016

SHA256
0bc8a5bd826384b9864a062b57779424d445d02881d7a68293ade0e8af8874b4

SHA512
97dea950e69d943e572b7df84eb3383c92ae157b2d7cc6f609fd3c4b44e74aa15a40543ffd43b63d9f5e09505069631f1d514931be457401f5b460ea5d947781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50e7ca177d06e22b_0

Filesize
11KB

MD5
d989ef7c0c34314877f5d66fda6d1a54

SHA1
34385a6a251921387613a1e46cf4c6c16ea567d2

SHA256
10d0da301c1e9cafaddf8cc49d933e459c7f1c57c4b537004f69a61b18408e5b

SHA512
106958eaeb6110b798970ab1a2592eb32fd2a245a5912a2b266b9c6243fa082dee6b3dc854630cf11bc5716a78af7f56ca070af8b41bcf31e4be32cd055c0d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c0d60680e2749d2_0

Filesize
366B

MD5
48d89674af77274c68a1575ae18e7fb7

SHA1
e7453dfe30a590c8c5a37f0a85fbe5064ff94789

SHA256
ad321bc742475ca51187f3232a6aa98edc3676d4c8e117d93b6f153fc43ae33d

SHA512
420f4c60b47634aa1899346dd462bffce586654481be1d315dc7a987797e799833536251b58f35012ad493256cf24914da199ef6cb0dc92de1409747243c93ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\657450aa62a8d2a4_0

Filesize
34KB

MD5
85ec852c3bfbc23282172e3174f17e8e

SHA1
3b3fd5c51cc7089891c4bf6fa84d96aeab792349

SHA256
f556a7947232b3b493fb322ee98c391b381888629b33aabca357d6e94593681b

SHA512
ae426db03be3b175c0b20c58204c6b7f87cfe1f62e3edd6408fe22888ef45213dac571469ece69db402fe81b31a768a3bda3f5e169d288514d5f772697fecfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\77fde0ff6ce96276_0

Filesize
3KB

MD5
c7a449e49f19151aa7bd09d3c8078a36

SHA1
a3b9655671c41cf4ba2f49ea9bc1596104853a0b

SHA256
97611901ed5b22ac8c37f14244bd981d65ebd7701972283763e448381b14bf9d

SHA512
f76beae13e2b9a685d73b08c34ebcc7e69f5874f2b228aec95dd696b14b184e19f7a09b527f1cfe6a0291327c803d4c49d787717bc6d095314b9194038c604e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7acf6d0cbd90e89f_0

Filesize
5KB

MD5
d62b60a6e53b0f205f9cf8bd2aa2cf2d

SHA1
cd2e87f35419800808d3ed9e4a862d3aa35e2c37

SHA256
ebd37d60b8d80439204b5f51c935bfc87c56d070bd2c04d7594930f1c9138167

SHA512
e40c44f892e29d9acf63611f7137b6cadccc91f7ff266bebac491e8dbddb62429c0e6d2d2b061bca89bb5715ae7268368f8be825dd0cd2bd7d2d8a2a33380d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\890341016b4cb769_0

Filesize
1KB

MD5
018c07018ae306f245ff63a687f14caa

SHA1
99b281ddcad109567839cd108a7167cbbf61b85a

SHA256
b53665c86b40dd0e0ad388fd2350b1450f94e58027f988f5cb6744f54231beb7

SHA512
84f0f9a125634803c9c4bf21ddc296a510d6000a75ce297617763eecdf9c4c639932136ff3da46f9852a9159b5a543f54dd128ec563c1f083c0fd8d2aaf48472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b0e541cef36724d_0

Filesize
3KB

MD5
2ccbec3d17c638433bd3ee6334f88005

SHA1
16c5338cb42763fc6b4f848e49da4da42a3b2b39

SHA256
e5607291f1df228d7f8d3c0795b7be61726aeb1f9bbdcee3affd8acc35d366ef

SHA512
46d5477af6638f5c95a685dc6acd9b44d6a07330cd2b88a647d40f9e757bf14e830bf8e46f671850def418a6c89b5ad4a2e587d2c0ffd150e069fe065fc8d7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5c0b0d2ff0cad95_0

Filesize
324B

MD5
450332a301f3dea6c1dca8eed8df2608

SHA1
b8f7d29a122a9b87947ed9161b7a94540e1e7fd1

SHA256
9ce58b47ef2f7087d41bb81a4027a999d55f35466d2456d05edbb4f47ab141f0

SHA512
ebdd551549b1e3c26150c9a594a73e7eb554786e09ebf074c84ee3c1aba24b6e0629798e3619c548a09c55280928ff08bfe520d617d367d64e2d05c0778f65ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c93622985013877f_0

Filesize
2KB

MD5
d2547f300701ee972184f62b6a1e60c7

SHA1
7fba21399c576c5f85a8844d182b507b01241263

SHA256
cae193359fe842e2a0c697da53712315f8916471fbfefa6a98a41565187b228a

SHA512
1e31c84134aa670b1ee5a5e86da44c38bd6883b61953bd40c2e64521ab1450a6623accf0bd1204a49d8b369dd30ec26063599f0d57401408f3e7a9eb952d278f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc9bdff952f292fe_0

Filesize
2KB

MD5
97fa546a76ef0926da3511e66b34240f

SHA1
b9dd2933003010ce66648b834dd9fc78585bd1fb

SHA256
dc718d02fe7e8c777744b4601b56119cbef2d72f3abe52e9853b25c2ec5bb2d2

SHA512
ed9765fa9393114c4eeaf09df97824ecef976eb9c05c014cce6ddd51016d246e389b46bfbfce2ebda92e09b9d2f1c17b2ddb35499163748ffdc4eb10d221e3b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d7b7cf01a7bf34ee_0

Filesize
1KB

MD5
1ca88b4851189e4afedcb3dd524f2e71

SHA1
f2a31c3acc8061ebe440110afffdfc67d2f565dd

SHA256
c129643322417862f42633e011494260185433a7284f03bc7ff0501b17f78ffb

SHA512
72450935cf329e21ce96732d630a1d15d2882297e2a6423571f628b1305fdb0ea8207061501d6dd320aba013c2fdab2688c15375ee7357e9fbab1614e84bedc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e005ea865d7fda54_0

Filesize
1KB

MD5
4b52fd5fa98c5ce9f595f6af5436ade7

SHA1
118ed2e5fa864392a38ef1ed59374bc1779670a5

SHA256
90fd98540ea8506c5018b436bce832d12e205bcba4a5e44d9c381c73a95e4199

SHA512
4f8ae2bc8dd5727138e559c046f92365ce4996166319f1e51c3ef6081be537c94c5b196189bfe351e1887682ec3626d10cf3419399653c753bf5adc904e1c840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\edf24de07858bfff_0

Filesize
61KB

MD5
5a22fc7c16337c81161db2c918db4ac6

SHA1
b0322190af94c1f0a7ecc761b66fdba370e46b6c

SHA256
6794163dbbaa880cc24c1b9b912b873d211d1f61d6afbe05ac1c9a9634ec3bba

SHA512
37a334db3731954b0a894b51620045269b7976ab84fba743ee8a1587782cdea3a4124256efdf13d28c8b2ecc03a8eb658a85127300ce50ffa118a26c1bf0d9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f4520311e39eda26_0

Filesize
4KB

MD5
05290e78cddbdc77b2ac758dda37a30c

SHA1
f80ffc12e77f761ac3ec04b70e3ee41519744fab

SHA256
6dad22e0f8e1f6225cce5061c458c7293218369d37871efd8785552c66dee3e3

SHA512
6134bfaa9aa52bb902d22e418c018f8af954ee169439ee4f6ae7012d8a74276397ea4fb264629651338cb3cd926a74a1be5688773d86b8f127ce9ba32b736fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
24246728a7787b865e2a6611d7222e97

SHA1
fac1fcdc0042b7545bd7ef9d874b8710cc3819b2

SHA256
17aeb08df3a5dae1318d1ccb2b8ae56b933d582a6915527e08e75abeec258727

SHA512
ad22a1acded9a59aab82f1eff4a861e21d72d2fa0b78bd146d4774e0101a983bb521bbee0118be1fe9bb8c3ba76382152b40a6505377e7c9cb813b4838a6cd62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ac513d4f757548a379650b387185e390

SHA1
db810274ff5dc26620f9c4c840be1efd091af88d

SHA256
404194bfb2b75f60391d0ecbc237cc378479d4563e4e202cc57bdf0db226a8df

SHA512
839718c88b9bd35f5576e8bbd7fef368bc63c3f43f97b6fe696475af47d738282fb1be3679571ff0ec73b00a30e7f4e5b358a3dc744bfe0e507ea92a1711bc51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
72de6a95842ca2895bfdc1da5f750f39

SHA1
f8323916e25fadeefbbf20d119e5806e372c47c8

SHA256
26fc11783f0fed978e421f6fb1f5a87b67bbe94998ae90322a17429d65a38d4d

SHA512
f9c9c4c5685aed812d6fb2f1c7a7cabd84fdeed17207c41711205ce81606eb1de477fee15b1d528369384511880e64e6530cab4aa398c783251d79b3a186ad93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
48KB

MD5
88d884b62103a75e4f97c98f530e6a7a

SHA1
adea598cb7fc77d3469035283ca5ca8765240005

SHA256
4afbef561d87689d739ecf3a8ef0b448a02d9fac05921a8c384ef161696f2dd8

SHA512
75cae09e474a9118d2b90eef1863ab8fe0046bbc27f74a6c119aeb64b36d6fb062caf5c2a88c5073224e3a4892af63335209bb9469de41905721663826e1e4fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
4a1a01baa443428f7a331afd52bfbeb8

SHA1
ee00cbcd320d50b190746e3088f8d7f32973b7c6

SHA256
6874a9e113ae9fa70d1e70f61ce8b35566112639914cca989fdac619674772b2

SHA512
d7b55cc286c6056e59cca41394ac5dbeefc42639543d39f013fb7129204276374b181911e64870277cf201c86e9dfe6d9dc7a8ba6cd72bef4498956cd1f32f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe592f73.TMP

Filesize
349B

MD5
a1e21327a7ff7b52b96957b244124294

SHA1
1747138217335a2cfb68051939071fd7fbb19e78

SHA256
12fca8cc52d8071d9bf4fc07d5888539af5ab2fc9ee858eabea8467e56cbf875

SHA512
182fbaa5457e2c2ef992a6c9b89a20d02a12225fe2de6ab6fc5381f51a7e6eb5746adb99345526627501b7e82b0b0254be38a8edf746f81e8806dc0ae8c5a781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\39f28fc6-401e-4a7e-98cf-b898512cb9fd.tmp

Filesize
1KB

MD5
7b7fad7ec5197f300eb2b64ad59efb5f

SHA1
470bac929f2d3177953dfafb63f4718d6041e0da

SHA256
bd18b0f7a6a74530239d5754530237e32e8304b92854aa7f4bf2bdf6c7a3a6ac

SHA512
a9e049de3d30df8d2cfcdd6de61f235837599a922f4ea9e624b9f2d21472b1e725d4bfcfab997fcc3cfcf825a5fb916cca4ab2b226255d973016181f81858230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9d5399965520838a9c6b9c328f9421ca

SHA1
838145f0c9469a52b297544fd29be8b35dabb98e

SHA256
097dfbf4e28f4af707b0f618b82ee7274ffaff96ce28791765df884051f30b41

SHA512
bf8ed332782d2e633a4ba52d660eff4fe2d682cb26ad83ac2c27788be77a51f5d52f7993fdc13638308a0630675d7e9aa65acef7ad7f5e1398ca5cbd9b635909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
039f5fea2d01e0a277d2abd958312607

SHA1
76231d0c01f92a5ca88b1d94cff39f43c113221c

SHA256
f4f1ef9dcc1bc36ca165a334888196a4fb60bcf5c85733b18379d16f5b769e4f

SHA512
50135ea5e2dbb3dc8ea89f275423a492cc4ea1964e2b93a47e04bcc8942ac22000c724b2157ad65747c8256cb125dac0f00f52f2e3901fac1197855ea704bbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c2c964471aa4e6a59dd1c22bcb7533f9

SHA1
98e519386e79fe32d63f93b5d438a9f616aed029

SHA256
6ae8d12dc3c11c4f3f1c934eddb0fd8c2ec911c0188a38ace5a1da61237eb816

SHA512
cd005c6ad3a991ef0c7cf0e49d0880530c3905b2873e1a5a324f82a6c774713d26c1defed2dfef41f5de0a4ac4a56fd8ea1888978ac30b4cb3c265d10cf39bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4eba015937bc5f920b60fabd404ec0b7

SHA1
5cc425d99b58dd8822aab1a827a0bc8dcecb49e7

SHA256
c3c15f19b55b7bfe6566dc3167549cad327f288f2e5c36e6cf02bcb17f5af639

SHA512
ad3731034360dbdd3e98bf0f2876527d525d0073e5394f353fc375251dd022dbd8481cc5cbd77a545ea0667c3af6c2d795884cf573b3974bb456852c47a9d729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
058819802ec88bf521117a89c806f765

SHA1
d9575d8342fb988664b6e6104ce0db2cac6960c3

SHA256
eab0447cf14e0c79508aeafe42082ac2d53cc33ba80a0f2f3d3eae3465d1639b

SHA512
1175cb657ed1d2d97aa678f0b98432c95446367a3bc050c84e755acc32282f865373bdfe134bc741210a9e21e568ee555dca3505d0d936de9063b76ce096acb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
414966f6301333422665b41c326e3431

SHA1
cabaa699a76be59fbb18fcfe3e2010280008f4ad

SHA256
d20e698fbdffa87004afefb6753cd9b08500e70ab69d3a029512c16751a9fbc5

SHA512
eed5b45c3d854f6b4e544175a3f3904e3a325658308d5fa6681b60846132f9c2be2911aa24b9c557dad8e638526dcdc6d5a08629d33415d4e15947724ad542be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c29d576bc3910f96e57198c271f596f9

SHA1
50bcb99ce89a1f5eb8d850b1cbc404fe0aaecf74

SHA256
156f0d7c7778994972201ab95c72122e118f6807209a6f85ed42056f6e9e00ba

SHA512
b38cd9dcceaf9b89002977925905a7ca8862f50befeb48b671a6e099a6f02898d4bcfbddad33375dae0008bcdd92b9c36e11d6d6215aab87448711551be55675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4df4de524e0fafe323d2cef03e3b95a6

SHA1
13bbb3dbbd41ea15770844f032a90bf3075779d0

SHA256
e55839435e727b0b476145894d5cae0e0a0a44867a3a68f72cd39828ac33f5cb

SHA512
531094e4fcdecd59f92f6a5fdc1e4838917b11238d938480cc2b94769cc059ba721473609376907aad55fa59735e7ca4c439de359d41e05a8cae82a52903ad12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46f4fa5843733c2603d6ce54e24846bc

SHA1
992c60399bcf289c4058092b5bd330f4ff855f96

SHA256
5a21fd77e212d759e3d52b2ca2ed755d298b3ce62239c24f69d9fd00ae699ae2

SHA512
34df40447b817531b8aa600c6728d26ee482fd5e1cd17eac89b3e5018f58c5e5563cf5f627dda4c09565a8343237adebd832a06e25416783d6bcf95ccbb1b618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4b3044cd41e70c471cbcbe65c97bfb7

SHA1
b3f1b26c28d31de8d88c07280ab9c046d2ab30f7

SHA256
018bec6a88b18341bec960ffb6eef0b1cfcad3e51c185fa7d3bb3e9a34ce8e59

SHA512
36333d0f62ab348746f306981777a5b7f0d37b5b7ccb15cfed55c1722c68b6b6e50c8c760601e6a757aa617d602aa0c96f3127718be67dce1578c8d6762865d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f00460986bdbe0d4545aaf15177b17ed

SHA1
1090d665b468bc94050e493f95114ed025042d87

SHA256
0fda2c7257a52b0bbab2a4eccd86191d67e57d4d93623ab2b682df7b4d80f18c

SHA512
9eb5e67db06e6ab39a9ac6ca5144249f148b7822256af07bdf4d6b86f6299ee89976b80d4ff78b71926e1b08529d822b817e38a6db4eae2f0d81d5a0e500b00d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a79d01b2be17315b647881cfeec0ff2d

SHA1
84acc0a0b827a5d70649d03d0dca4a807170742e

SHA256
84a43880534423f4df9bb8c16d8055bd491f67cddc597e1a95ad6dde93a81350

SHA512
e968e69a98ae513f129acdf85d2c1ca4d3d3bfad572b704e3d6fbf25f15d6138a4695f791b7cadbd53162959be908d294ce60f8ccd8ec5fffa24ca7453b66643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee6907c4e198c2dcd8989267c24e2d4c

SHA1
f47feb321cceca961dae115720d54ab9779296e2

SHA256
5053f792a90bbaf3e94cc4c90e2444ef918f6b6bb5bdfdf8071142a1206c1b51

SHA512
d170ce123c605776f0b5be048a1858d2756df6d277ac6d268e8ced29ff588fc1c43b615f20804d4ed94acd26727d6291430a6f23bf458dc1ecc9444a6af75be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80a484a05cfc486c59d77de00c54d49c

SHA1
779592e12fef869f6f367044822f752834beaff2

SHA256
5c6f370198cadceda7c2754fee5da76d1aefa9d26410a5cd68fb1de5b4e81461

SHA512
3b9be51eb0b564728522dc5334a6879fb8746edec5dafcd90ffd624681ba70403aff9b843a7b06c87a96e8bf7d1e5b057b694ee01fe3a0a0a13eec311e074c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a7b0c93a3bf29340fa90b01d3c5020e

SHA1
b35216f695773d3c41cfcfebef3f1aedec1c856d

SHA256
507adb440d8994e2a369b88e6f91ddceebea388a88021e4d9250cbfd1acd3f09

SHA512
ed2520546a46e7a2533ad0eb271b5a974ad5670829614a5d524f304f11408d624e7621080e120c0bbfc88956896cde78bbef20c72d3bb36951ac574fbd768fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28b87d2ea8321102b0681a1ecc2aa986

SHA1
d22a4382135dc0c7d67c460bb2e10eba7425e607

SHA256
886a34dafef95e7ce737cda80dcdab3b0efc16815d2d2b231906996231c0a74b

SHA512
01d4e0cdc76395897536572e6729dba017b7bd4dd137c0fae11cda48c1f6edc494f7acb8d51a707fe445c5f19609d8e2a64f6cdaff7b67bfb8092906f59fa9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f56e8b94165e7358ac0691ec95360f4d

SHA1
5376175729d74238085c28f527c98048e8c9e2b6

SHA256
2f9da0a28269e44c5507e329bd7e625fa2116ecd687ef808784a703c2270bee4

SHA512
cb9876b55ec7aac36636a89c1da025309504390d64bc510dcdcf96fe69b218d4911255ae5189b9ec339d1b8ecaded6720b6fcd742ee7853ef2fb2873162af24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04472e9ae9b680108abf50d7c3258b78

SHA1
35d4b989993e064da34495086d66c04d7f6cf05a

SHA256
98b2c93e7d9c28193d2f19663df759b280a35811692de9fad46619b6eee2c384

SHA512
02a58aa7e7d7af53cb5e5a1976e3e6a7507bfe7f13b27a12d3545f308b6532ff97733a291040657332fd5f6fcc89a404a2c33efc9db2b87ba77fbea9f37b6251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5580c0b2f7517e4c7b15a5cae1c7b69d

SHA1
320630ad52c068f5a4952c929e0714ef0aa5d329

SHA256
a9338743708682380e9cd62343dbd48f0a6763dbcfc4520b161ceeff609f2cc3

SHA512
0e4718dbcf080db0026f9bfe4950ed07ae4f26a4913e593cdeca2bec8ab90bfd7b510006848022f92130657e591196bc2cdc53fde80119ad6b43ce55eb48c764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
98e5d2fb29711c52c11028a98eeacbd1

SHA1
198662cb7516c0699ef8b15088b009975cb7a976

SHA256
237b63278e6b6ff133af65d9c8589df64df04777a43aa8eab51aba1547a04977

SHA512
193e0679c7cab601347936a07a4cc119bd52d07869f4f44aaf7e840ad37e3ce253d01ef2aad0fbd0cf99aadf75b8db670d48f08920e106fd7cc74a8542809541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
936a51510b73b72b766b0c366b9e1d1b

SHA1
10f134b1bd7a4775676c92c99ca79614d5fc370a

SHA256
e9c673bded49b203f7005b485fd1424cf2f3298cdde76a96fe2684aa75c1a6db

SHA512
b06e593e12c15ca555073356cd822268178e9ed41c85ec636644dd9093a27f4d99fc31a45b101459d300c6217aea26482c283feaf4355b38f6bf9cf5ff1f9be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ce1b7c6a2711ddb4ffb2d1b236c5f354

SHA1
c89981f4f5fe959b9388f83ed27e02d3108c43b7

SHA256
30ef1e26b191f56aab651283c4bff9216d4283ea105c1ba27446750e41362365

SHA512
5073af7aba1acc12ce0c46f4624413423bb238f5fdc78b354022116a071cb58a6439cd02f4ba1692e708803f7a36643e22cf3802faae8d711923f7926bae8fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2608724cf8a70c492ba100bb23c0c730

SHA1
8cef31687d1618cd5e156d24a7386a7ef2ddbc2e

SHA256
0e0343a0485d5a721992348a42e7eccdf9d203cfecab5ab343991d19989b0c18

SHA512
bc5838b4aac23990bcf086b0601524bf486c7f088100333762a06934252d98bf637f3e92fc61c83441c2668465db14dfb20324a46b25174c85efef36df858b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
281e63ed27a7d2bf37bddf3b5262433f

SHA1
b6f96a676630ff164f56a20551420b5c27fdffdf

SHA256
6fdfa9d81a782bb840b229ffb1b7fbacc69dec33178eb135f66efbd1a5c52ff8

SHA512
e84d20be4e20c5a02a693d0ac2a02aff27bc7dde882dc28f78977b8f503a2e3526781cfa287262fcef2659bf659583e1ae8276c46ddad159bfe44c90271172a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7082113aef4cf09b4b088f53016f1d7c

SHA1
dca0c879450e20018b01cf317ff995ca132b7f24

SHA256
60ce5f91babcbada5afe1bf468d709a812bc642e298281185cea4de9db22a522

SHA512
caf77bc7eab04ac588e661d8dc7ead2874a29efd58f258b2a84f20eae318d1cf1f2de182eccbaeb212fd80ad6512064864e26b1cc93474fd34cee05d654e9d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
45a07f842630de6a52f0c9e5668de574

SHA1
ca5330568927fe12d5aca70c0757e77984616366

SHA256
f3ab7e47c1a3733c815a1ee58b99ee200d046c7dfef41075917079acf3b24e79

SHA512
faa3cdafc9e060fc7bc95cf45f33cb59cb9ccc48e48a98d15d4585d26754249d6c259c8af8e95f8758fc8b91fda144eaae81bafe7564fbb549f4f13263d7dc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4ea3e7e7375be3e3b8a933822829fbe4

SHA1
9bd5c3d87c6209d50565a5a858566b844e403075

SHA256
b68e89956f368b77cb457de2ad4fbe3a96ed2ba96319dae36052df1f161d0e7f

SHA512
1223d4ee3901246e74f235621d3867415d8f32ab5661146ca4ca1df21b7f12e3e793e27f2c6fe969aef2268cac19da57144f4168a3efb44d1ad2d96948237847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
976f8b31834a310b11b44e29398c4999

SHA1
e82d316aa7167fd714764acf9bbe0fb5d4755f41

SHA256
6e2b8b487a13acc6a1337a3a259e3993d0d4f43fa95e9e48df5047cc536342c7

SHA512
fc15c485c5f559551e5d0eec945b6796d42e6ddfad29b02673e6838582cf079fcf360cada987c85a45b642815ed40ff0563dbc871f22e9ad2cc6210a2386efc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dd26e931620dc5c117701982cd9d4a69

SHA1
7f69cc13bba6ad6b27b2928059fe6d3190610413

SHA256
b60b6f7b0449ecfb22c38edd84f2b44d6f112a69547b16a3d922e8e2a142668b

SHA512
b78455864ca5452a28c781c4769cde8b7d10f4b2ba342007241e928fab8c60f456627b8f118f3f80a21706c3700f029704c8ed4244c064dbcd82fcad7bfbed41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
49820e0f96ef3409cf3b3295b00740eb

SHA1
b6bc87459e33aa1c3836734b53a3b0438d3c6e9e

SHA256
c79395b572afab8d8ede1bc4addf3787c5ed796e9e60177d80b22b0df8933250

SHA512
9d640b2f200d8c73693716148db51943a50a6b4713732c7bda9d2b4fde07c79321467ef94f8a3b1ca44923af6ac8de34ea4dd75a8387373104ddd0790595eff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
511da7bd8e7a8b30fbb512abb9dba707

SHA1
30f94ac28c4819e650d9d1451074c5970fc5e874

SHA256
b7bd1cc4e34a2bbaa28818fff0c0e69286beb13dd2784094abe85a11a55d4564

SHA512
c3eeb5e79900e01892caf93c5db96556cf1d4fde354b1a6c98d4c6bcf89725c1d88d90094e1b2037da553177c1c5e001e4f26d3f91d1aa65258e3725208e61fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
31e04135871a4993b18874bb9a760a7c

SHA1
d051a7cb6f8fd429e48bf7a83b6e2cc74e0fbfd3

SHA256
0c32f1b45be5d83de2f5184c6ec55adca708e590a62b87e47f782741936bd5fb

SHA512
9b6dbe52011c3df808eb73951b9e122758d16aea6d3bb3998631a80bcede661070a9188be8598a515be65dff04e5d111e114442c44330444fec59bd5da15ed85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
25f7afb048f97e7db5d6a4b8d8cb8c0a

SHA1
818752d44234eeb0891d806ab198ae57e2128ff7

SHA256
ae04e12999e39655fec675f33d830d461aa7eda805fccfd0b90f0512b5618c4c

SHA512
6cdd859545e68e3eaae2a7d5cf8ab59ca04a05c41ea65568ea8123026bb1f6fb62ee197012bfa86a470a7d3cea746467a0fff9d878fddda35ff1f05def26b941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ac0f.TMP

Filesize
120B

MD5
ae4b32d9ce322451e2fb172e21b09e2c

SHA1
16737d46679f865d6542e61dc204b81fca5c5a31

SHA256
98f2105a134de4eec74c7fd27ecf7bc304e0ed749d9fb79371a852c1b12f8ceb

SHA512
3613a4c4aecd81e06c610282b1531749da48015324bd81f9e9fa2b3f985fc235b1b8af16729644469d79d91dc0b904e91a8707373e406a7e101debba36267a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
a6eab950a748107b0aa8d7da5fffe667

SHA1
6dbba13572bad4066c3ed1496180fec98d72b90b

SHA256
6407d43b33ad6f0ffcbbca993678d124adfe141bb98709f1f739bdc004f07fb0

SHA512
164160d96a05a8cde1bbf23633c2462ccfc577470f60e6f8dfb876f28d0eefee4e811e7e3c8bc504f57f8d39f5be94ab5a19d3accc1508af4f3da81c27dfc543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
ac2936433241ec993172d64f114cd451

SHA1
fb25b5ccd6fe03a9121a6bb5df6ad0a61134dc1e

SHA256
772435391630bb0d15894775aeec72f17df731fa80b098ae4573e09be6fe3372

SHA512
72af248d11603603506f1a5c1669c012b9215e0c712cc70486b2d4f1dfbabb7ac5ff536f5c954f082d29e1801ea7c4d53a87bf9b3ad867b266a2430761b66c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
a9f75f11c77dd10fe4ddcfe7af95d603

SHA1
a063cec67e5b28b1962e3176679e58126db26ce5

SHA256
7fff0d84a9ad5c0b003d24ba5b3d30844d87d28a666583c1e8a0a19690f85c08

SHA512
b040463f2273bfd25eec8d631d85fe669300ea4cdf9bcb79767313baa93579e3908eb3e71b53ffe3049291e58a8d1f964678edcb56640f40a51d8a14b0d9db7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f898.TMP

Filesize
89KB

MD5
1a4f9588eab43617ca51bf7d0c31a88f

SHA1
f36932a5106fad5a15e6afa477ca482ea4d8befc

SHA256
bb874c191f452ec9fd371a7d772bf4bd09d9a679d777df3133532ce4f301d666

SHA512
e5306c33505553485da2ef07d414139f047ce529a4588a763642654c0ed4f332d0886d93f9fc4c8f913b0e7b937f56644d9b45b8243f937d4e306b9d1c7dbdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\de80da5d-24d9-4ca2-be69-4226c16d3bc0.tmp

Filesize
97KB

MD5
aa677eab44698ae3a5b4e6f15472f60a

SHA1
696ba15fd1cd0c2fd90c2c60bdd5c106cc8de4e6

SHA256
c3d58b0155b50d6b5162e3a4587e8c3e925dd5570c00e4a2fa954e8dd5bda736

SHA512
97bcc72db2de562eaab68c95c26a3be98c6986b944f855fe2aa5e3f2a81f5d89c0e79c785e2ea56a961122832eb02a4dfedf66920642911b437b7f10c6ad4f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\Documents\StarZ Launcher\Settings.txt

Filesize
201B

MD5
85df3f252acc57e9ff8428b707fab0d6

SHA1
affd62d63347ca7af7a1f831fad3163082c39d0e

SHA256
5b675be826c58718eb71b30c5ac51a350fd7d3c43f27fa4c72bb76a7ef7157ad

SHA512
222a63125b1c453d85957707a3b44464c64b99c209cf829149e4e0004d818cd2e65bda49663e456f5feb6864b3505b9573fc7885baaa5b1a2ac84a7f9424d3a0

Download Submit
C:\Users\Admin\Downloads\Libjector.zip.crdownload

Filesize
363KB

MD5
6b890ca2c7c7bd75207fd26e48a4e4fa

SHA1
a166010bc8c9238812cfe87cde71d254bf7ae30a

SHA256
758d4bd9d6c01616659a6bc36b88afd1bde9ecab6d341c3d1da5d085730b0a03

SHA512
8a73c9fc6c993fa6327f9f3ede14c176f691983d814017d1ac8aad59beb75b0366d561ad84f731a4997ffb052b17cd3ad5da17f0fe5323393363f714b14ae36a

Download Submit
C:\Users\Admin\Downloads\StarZLauncher.exe

Filesize
30.9MB

MD5
c76023ed37a0ecf70466bfb6ff11c4c9

SHA1
c1eda4b4e163d807743ce65770e65fad76207f5a

SHA256
1a0a51891e4526f39e50b4d1194407fef19269f042e28f9995513adf92800509

SHA512
86fbf831e99f3a6c569a88ba763ad01fb56b67333271e651ceccb67147ed7b113de237a6c9a2e12c012e7f087c72c17cabf18cd2de2b8a95a6b9344522029a9e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 606446.crdownload

Filesize
8.3MB

MD5
b381fe02377903a1a88a179e88f7fedb

SHA1
e91c0faf351deca21db1d8c6082409fe18e15d27

SHA256
360c17322f2603a7679edfd80fafbabb85074ba0b485efd489dd04da4d75f3a5

SHA512
e965c723af577c4978d8623f2a1668cef167b8cd9ef6f1524622a80bdfb708bc6151ee575dde99154a5f694262d231e0b50fb7cd4929e6d922c3db872f60ec23

Download Submit
memory/4044-5-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-52-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-4-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-7-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-2-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-3-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-1-0x00007FFD7BC10000-0x00007FFD7BC12000-memory.dmp

Filesize
8KB

Download
memory/4044-0-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-8-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-6-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/4044-9-0x00007FFD5D0F0000-0x00007FFD5E5DC000-memory.dmp

Filesize
20.9MB

Download
memory/5132-1201-0x00000189C3890000-0x00000189C389E000-memory.dmp

Filesize
56KB

Download
memory/5132-1183-0x00000189BF020000-0x00000189BF0D2000-memory.dmp

Filesize
712KB

Download
memory/5132-1179-0x00000189A6340000-0x00000189A635A000-memory.dmp

Filesize
104KB

Download
memory/5132-1178-0x00000189A28D0000-0x00000189A47B0000-memory.dmp

Filesize
30.9MB

Download
memory/5132-1184-0x00000189BF290000-0x00000189BF34A000-memory.dmp

Filesize
744KB

Download
memory/5132-1200-0x00000189C38D0000-0x00000189C3908000-memory.dmp

Filesize
224KB

Download
memory/5132-1199-0x00000189C3880000-0x00000189C3888000-memory.dmp

Filesize
32KB

Download