1985fdbec700334fbb2c907f37a102930744e6b3e9198c25f516eae9f6854e9b

Analysis

max time kernel
47s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_7.3.0_x86_en-US.msi
Size

5.8MB
MD5

9c232fe2ede51929244afc5c67e53b51
SHA1

8e8bb0eda09d25c1f44b8abd66a7e15a414b76f5
SHA256

1985fdbec700334fbb2c907f37a102930744e6b3e9198c25f516eae9f6854e9b
SHA512

d7ba56ed15a4bb482a69543e6bfe11d0aed4bf6b6b037d51dc2d191e1eaae187d1297bbb7c847d73259c34bb9ee26f26f3689c2592b4ff92968101303be61492
SSDEEP

98304:57AC5TdoYMyLSRpyviWkKPm7I2lLYaQ9OoSwYQf9Ib9XuvmhueA34SHeFblFY6nm:/T+USRLWtPm/O9SwYmIb9S5K3F6Wa

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\Uninstall JJSploit.lnk	msiexec.exe
File opened for modification	C:\Program Files (x86)\JJSploit\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\JJSploit.exe	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\fly.lua	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\f7659e4.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f7659e3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5AAE.tmp	msiexec.exe
File created	C:\Windows\Installer\f7659e6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{31543371-3E1F-49AD-AC6D-E72F218E3508}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\f7659e3.msi	msiexec.exe
File created	C:\Windows\Installer\f7659e4.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\{31543371-3E1F-49AD-AC6D-E72F218E3508}\ProductIcon	msiexec.exe

Loads dropped DLL 2 IoCs

pid	Process
2360	MsiExec.exe
1052	MsiExec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\ProductIcon = "C:\\Windows\\Installer\\{31543371-3E1F-49AD-AC6D-E72F218E3508}\\ProductIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Language = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\External	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Media\1 = ";"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\PackageCode = "19403D63BCD23974184F1D0CF7151CBF"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\ProductName = "JJSploit"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Version = "117637120"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\PackageName = "JJSploit_7.3.0_x86_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380	msiexec.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2012	msiexec.exe
2012	msiexec.exe
1816	powershell.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1740	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1740	msiexec.exe
Token: SeRestorePrivilege	2012	msiexec.exe
Token: SeTakeOwnershipPrivilege	2012	msiexec.exe
Token: SeSecurityPrivilege	2012	msiexec.exe
Token: SeCreateTokenPrivilege	1740	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1740	msiexec.exe
Token: SeLockMemoryPrivilege	1740	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1740	msiexec.exe
Token: SeMachineAccountPrivilege	1740	msiexec.exe
Token: SeTcbPrivilege	1740	msiexec.exe
Token: SeSecurityPrivilege	1740	msiexec.exe
Token: SeTakeOwnershipPrivilege	1740	msiexec.exe
Token: SeLoadDriverPrivilege	1740	msiexec.exe
Token: SeSystemProfilePrivilege	1740	msiexec.exe
Token: SeSystemtimePrivilege	1740	msiexec.exe
Token: SeProfSingleProcessPrivilege	1740	msiexec.exe
Token: SeIncBasePriorityPrivilege	1740	msiexec.exe
Token: SeCreatePagefilePrivilege	1740	msiexec.exe
Token: SeCreatePermanentPrivilege	1740	msiexec.exe
Token: SeBackupPrivilege	1740	msiexec.exe
Token: SeRestorePrivilege	1740	msiexec.exe
Token: SeShutdownPrivilege	1740	msiexec.exe
Token: SeDebugPrivilege	1740	msiexec.exe
Token: SeAuditPrivilege	1740	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1740	msiexec.exe
Token: SeChangeNotifyPrivilege	1740	msiexec.exe
Token: SeRemoteShutdownPrivilege	1740	msiexec.exe
Token: SeUndockPrivilege	1740	msiexec.exe
Token: SeSyncAgentPrivilege	1740	msiexec.exe
Token: SeEnableDelegationPrivilege	1740	msiexec.exe
Token: SeManageVolumePrivilege	1740	msiexec.exe
Token: SeImpersonatePrivilege	1740	msiexec.exe
Token: SeCreateGlobalPrivilege	1740	msiexec.exe
Token: SeCreateTokenPrivilege	1740	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1740	msiexec.exe
Token: SeLockMemoryPrivilege	1740	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1740	msiexec.exe
Token: SeMachineAccountPrivilege	1740	msiexec.exe
Token: SeTcbPrivilege	1740	msiexec.exe
Token: SeSecurityPrivilege	1740	msiexec.exe
Token: SeTakeOwnershipPrivilege	1740	msiexec.exe
Token: SeLoadDriverPrivilege	1740	msiexec.exe
Token: SeSystemProfilePrivilege	1740	msiexec.exe
Token: SeSystemtimePrivilege	1740	msiexec.exe
Token: SeProfSingleProcessPrivilege	1740	msiexec.exe
Token: SeIncBasePriorityPrivilege	1740	msiexec.exe
Token: SeCreatePagefilePrivilege	1740	msiexec.exe
Token: SeCreatePermanentPrivilege	1740	msiexec.exe
Token: SeBackupPrivilege	1740	msiexec.exe
Token: SeRestorePrivilege	1740	msiexec.exe
Token: SeShutdownPrivilege	1740	msiexec.exe
Token: SeDebugPrivilege	1740	msiexec.exe
Token: SeAuditPrivilege	1740	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1740	msiexec.exe
Token: SeChangeNotifyPrivilege	1740	msiexec.exe
Token: SeRemoteShutdownPrivilege	1740	msiexec.exe
Token: SeUndockPrivilege	1740	msiexec.exe
Token: SeSyncAgentPrivilege	1740	msiexec.exe
Token: SeEnableDelegationPrivilege	1740	msiexec.exe
Token: SeManageVolumePrivilege	1740	msiexec.exe
Token: SeImpersonatePrivilege	1740	msiexec.exe
Token: SeCreateGlobalPrivilege	1740	msiexec.exe
Token: SeCreateTokenPrivilege	1740	msiexec.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1740	msiexec.exe
1740	msiexec.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
684	msiexec.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 2360	2012	msiexec.exe	29
PID 2012 wrote to memory of 1816	2012	msiexec.exe	33
PID 2012 wrote to memory of 1816	2012	msiexec.exe	33
PID 2012 wrote to memory of 1816	2012	msiexec.exe	33
PID 2304 wrote to memory of 1948	2304	chrome.exe	37
PID 2304 wrote to memory of 1948	2304	chrome.exe	37
PID 2304 wrote to memory of 1948	2304	chrome.exe	37
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 2980	2304	chrome.exe	39
PID 2304 wrote to memory of 1040	2304	chrome.exe	40
PID 2304 wrote to memory of 1040	2304	chrome.exe	40
PID 2304 wrote to memory of 1040	2304	chrome.exe	40
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41
PID 2304 wrote to memory of 1880	2304	chrome.exe	41

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\JJSploit_7.3.0_x86_en-US.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1740

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7D0ECF74F3A7B659CE538629159643F1 C
  2⤵
  - Loads dropped DLL
  PID:2360
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D03CFC9928819F851BC4A0DB27F4D48A C
  2⤵
  - Loads dropped DLL
  PID:1052
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  PID:2272

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2540

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003A0" "00000000000002C4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d59758,0x7fef5d59768,0x7fef5d59778
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1584 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1320 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1344 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3668 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2560 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3472 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2400 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2560 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2624 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2580 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4488 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4524 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\JJSploit_7.3.0_x86_en-US.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3352 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3384 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1572 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1752 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2320 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4724 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4372 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4508 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4668 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=1308,i,6443893767274737907,336807125771837462,131072 /prefetch:8
  2⤵
  PID:2932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1060

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000005AC" "00000000000003A0"
1⤵
PID:2308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\JJSploit\JJSploit.exe

Filesize
9.9MB

MD5
9025b1a81a264417aa8aa18a56075f88

SHA1
d3b0c130acd815e9f7430d7f0857b05430420279

SHA256
2a19e43202cef88fdabb63be7811cb4214ed455aeac227ea6a86b19d60a9d14d

SHA512
63ea2d941ba66a30fbd57aee2758129414563e556479ff8e0911c4db0c8d2827ef58750b665e1b630009a730f542f790f771c89c9e5148747b98a4741c334d7c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
2KB

MD5
4985187874b10e2e87ff4cfaa8926f3a

SHA1
cee1e9f855ff768a711c0c5914ce6dd515a26ceb

SHA256
8386fe85af0f20f289b5033ec1df4da94357ed6354ec704c38956502afe2cece

SHA512
d7bd28a05ec8e49b1c2f294592a905ab632d0d12e39b26dd52e4a21552153d912c47c4021f7975f983db3ad8eef716db7febd8efa56d423fd07a81d9e7ce45af

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
2KB

MD5
5d7114d2286fd893c9eee026d7b7af62

SHA1
15498d702de1d543a7f05dc8f91249e46fe6eada

SHA256
98b07ee46d6e9ce27496aec449a7f7472e2094af8852aec1ce72baf0e487fa8e

SHA512
a41840fc87c1472184e2c3f44d4fb79d1633f0607e2632f8c53a6cae8a459becc4bc3e7b331e82fe11776963c119a2dbcf17289635139b79fecc28d9adcda2ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a7879a8b92760bcf094d6820874300d

SHA1
249a5a33689a3bbc6c5a14615573d3bb75fe16cd

SHA256
d84c871fc2a08d394fe391ab51ab0214348d84ccff3971585b00174359283d4d

SHA512
09e002a7679483996051fc98f7e34dd3c23837f2c87e7027e93a0363e92c5d3538995c1a0f9293cb50cd4afb915dc462eb71b7173c37ba5a9357091d42e72180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e10d89570a72214568e9211548c19a59

SHA1
cfffb271eb21d635819f8233edf6ee6ac0eff79b

SHA256
00ad4817370e46ac987f1326c902ee1f3645549fe81bb9eb727e5f5116855786

SHA512
8585d351a04b151d8682caa07636ba65fe7f0cbaf95454cd5edcecce76fedac19b84169cf0f6ab7b53179878adcce2ca2c796d718b2a8a0cc09d1a6f8813c1a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71cde58b3415fe639b4ccc9af5e24e71

SHA1
f3f69cd6083885a26fc33f5a75fdd38ab7c94dab

SHA256
679a300309d8b7c9332d5835400c1178fe55ece8189b81164f68f7dd94842517

SHA512
f2a461f005d86c4fcb15f3760b4ca989ba0e60394259e5cebfdf844a82eb95b5894e4a9c78eda20973f019fcadfddc743eecec480ce0311150986b3e6543efbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd3f57e4daea20035fbbac6c08980385

SHA1
7e752feba13ec408bb9243a5c8a4517bef837181

SHA256
a8821ed6184b5f18278d2bf052df4622ba38796c02e2a3e37680c7e682b918a8

SHA512
de5fe8981d8ede60e22f130e805341eaee16461fc23396ff146e6d6412ac4d4b45196b5b15e059522138c0a962ccfbc8c084862607030b2cc619f40bc2f5f4f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\03883b72-5f51-43f8-903b-2c5e2d5ff422.tmp

Filesize
7KB

MD5
c3293f993b39c2af985561a5a4867209

SHA1
a30446375c821b68f812e2fd28e90a0c593728bf

SHA256
e14db7483cb7ca691875a03f94f3bcef7f5521f1963f5591766b3b8ccd45627c

SHA512
0ef7bb3390e59dffb61aeb735e3bb06173a832f78091b658c2d71cb1e9a1d834ae3db577a4eb9210104cf1654108572d6f502e7eef77bbbc5ea8548df320f3d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
323KB

MD5
15e030b726ebdaa6fbe241529b989221

SHA1
68de3b116474a96920e726eaeb174eac0cb7f79d

SHA256
df5cce8bbe04121c7c524d5f38bd5351734e1ba293c182547ca7df4d0fa4fab4

SHA512
56fc9e5d4e23f0bb86286dd576274a2265b32c9db26204fb3217ef4de0860aaa2593bae8fbc723f4bbe7b6500697d163103c9843ae848e6b3a0971effcd2e5eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
136KB

MD5
8a9b23cc7fb0af162ec6e9d9c5febec9

SHA1
0d8e31f4ecce563dc4cdf7b9875de763a2c1bf18

SHA256
7b38afe64db5787f398afd366e84f3ae6ed42ede77c8dd6bc4436ad52ebab865

SHA512
83d2a56acf2623b8c291db8eb65f8bc52decf21c39b33faf726a8a665c67cf2e05b79d2202bbc74cc546b2e17184b0c43bd8d463112c4a2e5061c12337ffdf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
75KB

MD5
ed0d4cfc6644697d35fadcef06d50844

SHA1
2303c2669635920fcf20c706cfaf63d5fe4f1814

SHA256
5d0d57f183d68873bbf1a865c6b448d5b87032768ac6047da1b2d20697e90e45

SHA512
9ec37eff397d40caebe6cea75e99fa7bca3b2f3fce2b7dece62e33c88a1c966ff6d4a6adb145fd9c78476cb83ab236820f022e2108838579befd6da2a414d418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
66KB

MD5
1e3866fae78400e2271411d54c132160

SHA1
15ce0b2c130b987ffe9376c47b6c246dd44c32d1

SHA256
00a918386aea10ee2c25d529038843c9f4d70e61a7e2578c3aceafd81673968a

SHA512
e50bbcada0323759e3a6a796a6455d5a6e8bb613a1f7d5e0b86ccec95df44139ab9d3c5fdc5649853532695fe7135037b0ddfa4757d742bd94d93da4303cb4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
47KB

MD5
045937268a2acced894a9996af39f816

SHA1
dfbdbd744565fdc5722a2e5a96a55c881b659ed4

SHA256
cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf

SHA512
71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
9d4cf01f846a0613c620463794b1a31c

SHA1
0b4a8dfdf83967af3380d3693c34cf264dfb8c27

SHA256
89f76dcc3cd90019066409a4bc6ece01d9fcf5ebdf193de83ca5b518f8428ea4

SHA512
53ec47a27c937f62006e4631a762e842cfc608489b40dc3f0bd35af963e8ff79292e8ae52152c728e1dcb7638e350d826806cacfdb8dadae3d4b6dd4b17070cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
95KB

MD5
0fc830d06ac3635b8f24773df1b87b2c

SHA1
b9d82949f40c63ccae4395650095430bc6863cae

SHA256
f996cb602fc30f7dd054c83ba995833ba398706946eab563a2d987b859fe383d

SHA512
a2d7f3473cc6cc43465c2bb01c85da64dbd367868e79a76b58f2b8756fb656675ee61ab460cd023959251cef7f8cf2acdfc233b5a2137c7c08347f8175b86a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
789KB

MD5
0f49bb1b91100dfca4aa9527f09cb7fd

SHA1
1a9d1c5eeda4abcaa18694e5f0694e69ed13d147

SHA256
a8fc1cc23aaf6985814a81e2dc22ceb156cdaefc038374fafac1969b24e73c78

SHA512
7315d44ab0de3824fc228a9cc9b5249a548782872cc563db561a9a818d52a5f38293cd351f536984a2170cdcefafe8a0d6969ed1b6a8e3fbafd20c6bd363b628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
33KB

MD5
b54a39d6949bfe6bae0d402cd2d80dc5

SHA1
9ac1ce7c7c0caec4e371059ac428068ce8376339

SHA256
6d26dfbcb723f0af3c891e9e45186deccb0f7e710106a379464c6f153792f792

SHA512
d86ac61ccc0a23d18594a8a7e8e444de4838fe1b7cfeea01ace66c91da139bedf811f5d1d5732c7da88a352af6b845f25bb87fc5a130ddf7450fd6d6b4146b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb89dcfaa5ba42cef558d109cd71fb3d

SHA1
244012162ac83c61a9bf1cde65611d545b6c7a7f

SHA256
304b4e4cb7725971e7c5fa6c3ed45880c01b8082744a222c2a43f89a10843589

SHA512
94d99f29495189a85a14d2a3dfb738683af79d6be8bde6c3487c20490f37d94e47a7681ea90ea5fbebeebfbf6daf723bbca6f0a46f476982c37036f90f535888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76a361.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
250B

MD5
1b64dc1d92a3a5323716de105b848fb7

SHA1
1fdadb9f68e8a01729d582767911dd8e23fda28e

SHA256
f2c7f11f60ca3457d1f53bf0b9f14299ad60c4ea97a1bb48e2ceb57e2e48acf1

SHA512
fe9ab952da6aec7bdc908412fd7a7c3894fb1465c5184e403414376af8817384604d5d8d52a8c9e86c94755bb5764272f4c73436fb113bf14cd1afdda3c37ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
90dca2de2e87db58664723c6f5772c06

SHA1
e5b2dbd4fae75dbe993a74edd7d1ac4862485321

SHA256
cecd9ae5c9b8a387369c6651174b0a8aaa9543fdc7121f1b761c5398a4fc7a96

SHA512
030e8854589918cfb9f496943571e9b5a9da96efeecf7dddac2244d37e6daa53c6ceded0fe9ce6e7f3b28a386477dae787658c927324b5523e69f3185df1694a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c10dd3b0015da6ba122b3968b46782be

SHA1
8e6ee4ba251ed9c0cd88c5f27943b1223402d4c0

SHA256
ef4e0f4f18edfda58904bbde56c3dbf57d71efb1eaec4215305230fc6b441e23

SHA512
53a506be52c2fb50e4cd8b546c69cd6d9ef2961b0a076e410a0e7dd0d31a8c18429ad0ce260a32cfa35f1e0d286edcaed452a6a1e462a7884db9eca1165e6c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10312832f8e97028ac25b078904f33da

SHA1
071efdf2961eb2576acd81cb19c7f191bbc270d0

SHA256
795a79a6bfa6c065ea5618ff343dd03e7f28ae205564142e41db5712c0c06029

SHA512
2d3189af92a86ec5be927ba9ca783fe314cb39abdc804d32e1a6a17f280fc5029872a35a23c5c41ab3cdd431fbad404b6636f691a540c631d903961579eedc9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c97182d14c54ce1b4ae6efbdc8dbab70

SHA1
116d823f9a7da350a0cfc8e22ef3d6151707e5f0

SHA256
a5c1520e6b8fa01875a42fdc5b935c9dbcc047b7f1d7c5b0ef1daec042e01bfd

SHA512
f2a3a41fe1941dc6c5092f53c2d9bf1c1fb6a78e412f9aa3e14c1c3b5fa20350d7248e8ec2add3a5cb2269f205eabedd2f9c640cb73d6a1c7aa375aac684e563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb24c8aff1aa914ca5eea46485da9795

SHA1
9c22ffe26eda3a6aeea9c7e6490c6539836b4da8

SHA256
91baccbefb30cc922d9d66278b279af39dc41b82b327d3a5da22432020e587ae

SHA512
45046d7f0cce3d3b43aa5579f2f71edd63b369b50188e45ed0b489fae6e3f0cd75a6c5e1d53509bccb4b0e25c5019a4336f0484cf0710a3c04447f05fc39ec98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9036044471473b37c7e2815f9cbe6ef

SHA1
150524f3d8e67529b32eee3a9c3d4d9b87eadf9f

SHA256
912a5d694dc9e988acbfd94c55600022c7ac6d706200f20154eb7125448d9076

SHA512
e31ccba34b460ecc56d105a96cce44b5b886ac509769b2c28fa62b7c78839edae684a424ad27434f1d35990de10d41b6f3d4c859496d6d3fbfcab991c0212839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ff43e0fdb05f34e92aa0f0ed0784af9

SHA1
c657e799f654613162522964ead7374fc2c77db4

SHA256
941197e975dc856d0454ee23296c1299f212a49380249cb641737f808cdba5c0

SHA512
3431aa7ec92df726bd0901fc8b94a1c8e59ae2b7f05f429681197eb55b670ead26d335bef6a2663d2ae34d9f7e914f365d43974c06eda43cdc3ece61db5b8ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8adb9201220a7e83fab7fc43943bcd03

SHA1
83dd5cd6a42782ee064ee47e9607b30d42b22598

SHA256
d6274675c8ad675c98e80cc03af304ae2c230944183a89d1a411da755740c793

SHA512
e94c86717da5aacd17db323f1df39127c546e187a905a9431735701074f3684071628cb573281868923555cf55d53dff68242edd3012d1f37b81ecf47d9f4075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef2c9380821a6b0851595bd4e36ffe4a

SHA1
06928cc907b27c84d92aa4558cf609e2076e604f

SHA256
9fba3ad1b9a1d593a1a1f671753abaf3fd4c91003bb3af11983b651c7721f740

SHA512
f8cbe168828b1c8376affd04f01ca759efc59f920b901a190ac72acaef17632e9418c89cad21eee5363d1e9ba349edce3a7999006f6e57463df1cae2bec45fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0218eedc8ee1009f6ffde5f72c9328dc

SHA1
3fad1532293dd35cd5a5d946398fbfdd57b5ad40

SHA256
f92b88fbc526a917fcfc9084045d01830e488c931c12b33ec34aede0b6a214a0

SHA512
d2a8e4e7961d4672fd09e75797f9382310d13152c1594e05ba8d13e6bf009dba0c7e43467435429ba82b57ef3df9f501cb3bb3e5aae4422f7259272359a5badf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e5ce0a486ed0e6dc14c7add41c547605

SHA1
4c441c54bbb5cfd7a1a2c7bd47ac2c14e87f190f

SHA256
fb34eb6c4a0d3a6c10f44962b97e55f57e4cf35fb911cf1a31b20f47c691232f

SHA512
b461480c94bd9a8333271d3bb4f3f7d8f26be50e541fe1949b2278cdfc47c47f8ecc8ff93c9bae84d370f62880db2767b32544f9b8b117ca2d9e55aced150697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\169d228b-2e54-4349-a4dd-bb2a30a69d7e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
0231be7d43dd3a635da1a17cbc31fbb3

SHA1
8c6d004461638106f00a06773a0037e6f81a751e

SHA256
30060a4c728e11a00aaaff2e96989ca2bdb2c4f6b495a270ee2a0b5ea1a25bbd

SHA512
1b0937d04ba1c515e025d66b77dfe97d35ba60e82e23bc52ec1b4e4e0fb50509ccea2b460d1dd345d23786887445f61c475e7273b5221a5026ce3e24730db25b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
a9e142fa9551fca73409abc2b16cea7f

SHA1
35593785c9a293326be9d33947c2c1461e521be2

SHA256
e5235ddd9bda2c6d43e45e93e00e8f4f5fde2c6770692cc57645e37d64e1d7a2

SHA512
f4a0261240ac63ba6d7ec12570546ec9135b6d41311a0088a1922823c06f9d5c028bf9d734a27224465436f9e3e1961ea6bc46ce029a2e36ab6ff4b8ce9a9854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
6a21e1935a9d2e674335094c24a10ffe

SHA1
3e03c348fafc6990cc535ca400bf2ad5b636416c

SHA256
47ded2017fe9a50e0098783e56cd106f59e3da53c667df6fb6c09ad95b106828

SHA512
7f4eed18d3d307c2378e9d0a7f3f2b76028777e5e6553dcde183f342f4754927aa2cba74abb2664f0f41c71b8cb25a4b38356fae922e985137e0998765fa6501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
11f0f835508780112250b089fb350849

SHA1
4c2c3ddfc7a359a3b1a95e9c8bf4e7ace3029880

SHA256
add7e5aa0ecbeb50aab67776ce66e61666fef92d7c5b44669a79ae8d7261a727

SHA512
21d76aff62c822665654df12029bc1e826ad85809e827ccbd96a3d371686979d613e014c765936abdcf51bfc1f61a5e0f9d443c788f51f22a2a2d3553c02f2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
620daa9cd60925fac6624dc4fb366f38

SHA1
657268d3656cae762b4823134a0bf79914408f93

SHA256
7c2af8299606b0ea1a39885ad41be0c1e1619ed6277d28efc1422cdb60800530

SHA512
907682480465fb9c50c879abf2dbc33b2660b052a0f2067eaeaec605af73b93d0fe9be4ffb55be02ec4a52a1e1a71c8666ae662538ce33f48c0483b4e3e378eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
50615031c50215d03f18a3d0acd5d47c

SHA1
d8c5eaaefec25ff3a01b203e3e52d9d71b88bb8b

SHA256
c6bfecd0f19fc86c0037329a16b671284b3ec231565026cd612765f6299300b4

SHA512
767dcd6174fb47619db658b88d99e1d1580e5436138267424125a23cad9f00923467c5cc80a4265b9d9b1024bcf7e879614b2c7e57cbf6c5b99d8691375847df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA112.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI3B4C.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA241.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
aa27d8bfa1552bade2e9a4f8c569aa7e

SHA1
dbc54d5b9ae542073137848f79e428876ca7cc2a

SHA256
888aeb694a9ea52686bc6f2597ca04b0904709b31c96ea7554c435b40b3cdfd0

SHA512
c9ee98afac3d61a279da05468658beaa50f6558e66764d85815bd9ff6e489057cf30a491c1e7fab3c116942c26a06eabfd45cce16002bb439587902e51702353

Download Submit
C:\Windows\Installer\f7659e3.msi

Filesize
5.8MB

MD5
9c232fe2ede51929244afc5c67e53b51

SHA1
8e8bb0eda09d25c1f44b8abd66a7e15a414b76f5

SHA256
1985fdbec700334fbb2c907f37a102930744e6b3e9198c25f516eae9f6854e9b

SHA512
d7ba56ed15a4bb482a69543e6bfe11d0aed4bf6b6b037d51dc2d191e1eaae187d1297bbb7c847d73259c34bb9ee26f26f3689c2592b4ff92968101303be61492

Download Submit
C:\Windows\Installer\{31543371-3E1F-49AD-AC6D-E72F218E3508}\ProductIcon

Filesize
21KB

MD5
40b4a7ae4c48f9d80263e43964f44697

SHA1
23ecf7ac584fbb374dd38d12028e97272ab04785

SHA256
bca6f5e3fefde9e64faa54219b00ccce98aee181c80bcd42f45b7c0de7dfcb7d

SHA512
e448da9fdf5a56c2c22e8344f39991e21dde2e9bf97fed2850b5edea416623ec00dde13d6c8e5abf9a19c71ebaac4afe28260e7191de45cf260290e20c78178c

Download Submit
memory/1816-61-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/1816-58-0x0000000002860000-0x0000000002868000-memory.dmp

Filesize
32KB

Download
memory/1816-59-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/1816-60-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/1816-62-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/1816-57-0x000000001B4F0000-0x000000001B7D2000-memory.dmp

Filesize
2.9MB

Download
memory/1816-63-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/1816-64-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-584-0x0000000002FB0000-0x0000000003030000-memory.dmp

Filesize
512KB

Download
memory/2272-579-0x000007FEF2CA0000-0x000007FEF363D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-578-0x000000001BB70000-0x000000001BE52000-memory.dmp

Filesize
2.9MB

Download
memory/2272-581-0x0000000002FB0000-0x0000000003030000-memory.dmp

Filesize
512KB

Download
memory/2272-580-0x00000000023D0000-0x00000000023D8000-memory.dmp

Filesize
32KB

Download
memory/2272-582-0x000007FEF2CA0000-0x000007FEF363D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-583-0x0000000002FB0000-0x0000000003030000-memory.dmp

Filesize
512KB

Download
memory/2272-585-0x0000000002FB0000-0x0000000003030000-memory.dmp

Filesize
512KB

Download
memory/2272-588-0x000007FEF2CA0000-0x000007FEF363D000-memory.dmp

Filesize
9.6MB

Download