hxxps://drive[.]google[.]com/file/d/1jCJeKGuRqJPNMCU4YLppWOA68SKC94uk/view

Analysis

max time kernel
270s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20240730-es
resource tags

arch:x64arch:x86image:win10v2004-20240730-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02-08-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1jCJeKGuRqJPNMCU4YLppWOA68SKC94uk/view

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000\Control Panel\International\Geo\Nation	jessshop-activator-v2-app.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000\Control Panel\International\Geo\Nation	jessshop-activator-v2-app.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000\Control Panel\International\Geo\Nation	jessshop-activator-v2-app.exe

Executes dropped EXE 6 IoCs

pid	Process
2732	jessshop-activator-v2-app.exe
3944	jessshop-activator-v2-app.exe
3800	jessshop-activator-v2-app.exe
3188	jessshop-activator-v2-app.exe
2324	jessshop-activator-v2-app.exe
1780	jessshop-activator-v2-app.exe

Loads dropped DLL 11 IoCs

pid	Process
2732	jessshop-activator-v2-app.exe
3944	jessshop-activator-v2-app.exe
3800	jessshop-activator-v2-app.exe
3188	jessshop-activator-v2-app.exe
3944	jessshop-activator-v2-app.exe
3944	jessshop-activator-v2-app.exe
3944	jessshop-activator-v2-app.exe
3944	jessshop-activator-v2-app.exe
2324	jessshop-activator-v2-app.exe
1780	jessshop-activator-v2-app.exe
1780	jessshop-activator-v2-app.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
2784	msedge.exe
2784	msedge.exe
4428	identity_helper.exe
4428	identity_helper.exe
972	msedge.exe
972	msedge.exe
1780	jessshop-activator-v2-app.exe
1780	jessshop-activator-v2-app.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4280	7zG.exe
Token: 35	4280	7zG.exe
Token: SeSecurityPrivilege	4280	7zG.exe
Token: SeSecurityPrivilege	4280	7zG.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe
Token: SeShutdownPrivilege	2732	jessshop-activator-v2-app.exe
Token: SeCreatePagefilePrivilege	2732	jessshop-activator-v2-app.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
4280	7zG.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
316	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 388	2784	msedge.exe	83
PID 2784 wrote to memory of 388	2784	msedge.exe	83
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 5104	2784	msedge.exe	84
PID 2784 wrote to memory of 816	2784	msedge.exe	85
PID 2784 wrote to memory of 816	2784	msedge.exe	85
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86
PID 2784 wrote to memory of 1660	2784	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1jCJeKGuRqJPNMCU4YLppWOA68SKC94uk/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd5fd46f8,0x7ffcd5fd4708,0x7ffcd5fd4718
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7294814104706772757,13673344873029021051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5056

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\win-unpacked\" -spe -an -ai#7zMap28858:86:7zEvent26388
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe
"C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2732
- C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe
  "C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,15239804489698045299,16517587186075901417,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3944
- C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe
  "C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app" --field-trial-handle=2168,i,15239804489698045299,16517587186075901417,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3800
- C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe
  "C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app" --app-user-model-id=com.electron --app-path="C:\Users\Admin\Downloads\win-unpacked\win-unpacked\resources\app.asar" --no-sandbox --no-zygote --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2308,i,15239804489698045299,16517587186075901417,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Cryptography" /v MachineGuid"
  2⤵
  PID:2120
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Cryptography" /v MachineGuid
    3⤵
    PID:3424
- C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe
  "C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app" --app-user-model-id=com.electron --app-path="C:\Users\Admin\Downloads\win-unpacked\win-unpacked\resources\app.asar" --enable-sandbox --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,15239804489698045299,16517587186075901417,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2324
- C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe
  "C:\Users\Admin\Downloads\win-unpacked\win-unpacked\jessshop-activator-v2-app.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3132,i,15239804489698045299,16517587186075901417,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
506e03d65052f54028056da258af8ae6

SHA1
c960e67d09834d528e12e062302a97c26e317d0e

SHA256
b26d2695dfe8aed4d0d67d11b46d4542c3c9c8964533404dfe32ce7a3e6cfb98

SHA512
15da55267433c41febebbe48983023293c6d436f89a56138cef1cea7deb5cdd7d4bcf58af12835e1152a8ec59e08cfc965e521eb54eed47fe44e1f4c2d1557a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a15dea0d79ea8ba114ad8141d7d10563

SHA1
9b730b2d809d4adef7e8b68660a05ac95b5b8478

SHA256
0c4dd77399040b8c38d41b77137861002ef209c79b486f7bbdb57b5834cd8dbf

SHA512
810fc1fb12bceae4ca3fad2a277682c2c56f0af91a329048adbeb433715b1f707927274e3e4a4479222f578e8218663533440c71b22c49735a290f907cc0af1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d444373a8cbb6a63dc0c8c87c36a5433

SHA1
9a584d1c7e13cf21fa8c3b92d2239510cdece534

SHA256
7d0287ae022b2188ab37847a866b6f196a2f4e67e0d046551a927e0030c14ef3

SHA512
f7246cbb291f3a9a5836364c88c1fe4fe9608f3b8dbbb9ad2ffa90e46dfaf78b5caf6b038ea391dee543be6a08a8541d3d608a92be1eb84be14948ba27752054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
394fed9612d459734d68a1d129cc697c

SHA1
31b1c032a5870ea40d4f66eab27588d5bffbce82

SHA256
a3865b4a7f2d186e0be536274abfca4466b69f6fb7a96f0c9406f17cc7bbfd16

SHA512
db92cf65faa0a7e30c487974f12225a9f3afb224dfa23657c2aa7646bc978bca948b011130412d24f20e0f6d25009ee3e0a927fe573ba23c49a4a8eab9d2139e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a1f01b90185a130346325a21e1c12cba

SHA1
0d24b040e94f2bb7e3c0c68d814935f8ac5c73c9

SHA256
82df79dcc1742c0cda7fb198e7d7843f6327c8b7f5635a3214741446d5a007f8

SHA512
ee8e9544b9a1a6a0e740e70499a231905117312a857cb2c77f5f37626c6fd2567f45845518e5e1b3f50debcb998cbe51205f16a0490724adc9187079aa8c66c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ac1741e2c7e0b9909978a190614a016

SHA1
5dfb708d06acb6ef6621f59881903a6e767d6eee

SHA256
66784341e4e0c8fa9ee92eae6bc66d5ae7e492ca216057533276b81dfeabcd60

SHA512
9e5e47756cdfc5ab781b2d6204c927c9c6d68b9111e4e436181ac8794b518b8298bc1591ab8327ed361a02249719d23ffa1860233d97ed37f5b86ea4cf3f6a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58d0436b87ec06a295ab533e851def54

SHA1
babadd5da55d34ebbb1227db81f28fea46a2de58

SHA256
2f0e2842629b0a623b081f78693a27a5ddcc08bed757a74893d8b89aea11f387

SHA512
58019d1872b0c53438176f012897b96ff9ad0cd8aa70e2c296e8f989df9b251a88f93ccb78f83c2c383db15974b6c21c28a92d79b9e14c7ac56b6494920c9381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f62fc8f3c527c7e299b4e4be626b96f

SHA1
587575518b11c0050648cea826598d4b6022fd47

SHA256
680c7662547709061b6dd9d4da43c8e5e387a5d2b496b57a8bd35b6416e67883

SHA512
f1abafc5e0019170fe24a096d7def3245f93cbec54787c5eaab3b180f2bd12c3efb4d68506444281794f514f4e3ee917dff6c35aa27e53ebcad4aea67822bee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f314f1e0f882934db59587543f0dae4

SHA1
0b323c52088807a4ba88d95c6955fa6276496206

SHA256
295b088009506836c0c378b23443389ae87f10d7273e2884f230b3c4266755af

SHA512
2b054383a341316a2cc27eb612a1bf8802f891ff3d3866ec2256721c5bc1bb8dbc0b43171c16a42eb577139d29c7b2051d865c753e731268c6b25046845e7762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f620913912339d9af30b62e64a875259

SHA1
067bd30ba8d25b00d88b7497257cebd934ae56e1

SHA256
1a141991b3a6aa07451971699f7795e5ce6eee1e216cce0a7242c7b265022872

SHA512
603216e0d5c1e54445ef1acc878766bfeb39023a6c8c63ecd0c563602faf853d4a6aaaefc396896f1b56b6eea671be66e336e75311de2b463cbf75a43569ef03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d84ef54d65792c266be4d1fdac831515

SHA1
3270c7c5bdd0649a17eb908d96f7450032408e4b

SHA256
4c6f7653cdea4617f5f9e20c1c721273db009a66178bc84c96b7a4f198fed8f5

SHA512
3f10682039f57c2fc01c924b7901b599db5e352296cddf37eb7f42e7c9bbb631e6cd1df178a0fd79d3f13044820d4f470da0d4e3ee1d5d4148044cbc95cb8c34

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0caf704f02c89da9097c5497774e5e4e

SHA1
b4bc8a40358d12aa9ddd29584091f8970ec62ad2

SHA256
2c0fc0908b35955c608d60a2a519ac6fbd983b2862808842016d8d643615ffd6

SHA512
cf22a58bb05bec2350a0ca55104d10a64cd4800db063328da31dfb0e71ed89ab3df556360d8a46cd7318d9ee86e5c11191ae633bf8925bec9f295962180cb63d

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
42cc28bca70ee8943e680e678cebb9f6

SHA1
940b0a2c3e7a394d297f1a09119cd327e7168eae

SHA256
d54d8ea04a15343f75dfceceb4ad3576cee7b4ca1ae512d640e6a2869c9b02a8

SHA512
7750023a739cc37bceda17d1709f64c7d580fdf9860b7266c5d53b76522aaae0dcadb142086f50e8172250e7b799400d77f1fd8610eaee3d486b4ecc8bb4131e

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\Network Persistent State

Filesize
2KB

MD5
da2ae32a4eeb482bdf54cfc63b67daca

SHA1
ded2b8a636092d73504a2c6a5aad1f97cb2b2351

SHA256
dd4bdce3b117e50cbcb33b08058a252b50e424d0171a4af139a63c753b94b827

SHA512
057a3df7881bbd7f29fade0a20a20bf88331e02cd4f775e641b7c97912d3ee5266a6370c0c477b81bbdcd34cf042d968fc09892cdad790bf5a52b54eec8a3ac4

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\Network Persistent State

Filesize
2KB

MD5
e7ee3487a6bd16276327749912ffe6db

SHA1
9e83bab9b1f9cb6291f80959bcba7c0c0f687cf8

SHA256
db20044d4c0623ea9db992b9e09f878f35a37a0ccefd38270b733ed0c0535e90

SHA512
e10abaed5ed42ef9be77b695dfccee664fb86c95c90008318db8d74bb8fd43789d7077c5e44ab21bf3e05b32966f605252281bcce7fe81eeb81bedf709963f4c

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\Network Persistent State~RFe59f7d3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\TransportSecurity

Filesize
691B

MD5
0e0b19d2ec7d481923d32e80735e5835

SHA1
3cb5ef2e8f10240fe7d2f0fd137ef1717e71bdf8

SHA256
5ca19e7cda609d2155ed75ffef2bd5816de35fb9dd0ceeb998e1364c9e72e5a8

SHA512
50db68bc77cc4dded05c8bea3c389e779516b1b57c15f1fa415477981ce8698fe1a037b08b63801c6d3b0c70c841928752d8f3cf50fa902dc30e77c1cb3c3608

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\TransportSecurity

Filesize
691B

MD5
92716c948fdd2a3412c4a5e0b30e3154

SHA1
fa611067a4b4adf82aa2e43e216365518d1d5fa1

SHA256
07302a7a92c7d7b37328f23f6d675feb711e16db10f9fac28159107b0c2df170

SHA512
5dc8bb42347282552348eba6d2238c65605f9ef4ffac1062a8962fced8e5878a04e8f52c441b986c139b33f16950b225b76c214ed023f63b7d44854720395bdb

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\TransportSecurity

Filesize
687B

MD5
f3de3f6b86d456c017b52c4a13fe31cf

SHA1
d93ee79363f1b02a3f4153ad069206976256fb5b

SHA256
7aab7245befb446105cb99a7fdbab0cbab1c98a6ebe42b2d555c3f55a5385d00

SHA512
2f6c05505b2bc19fdb4903887a64bfd4b44a8694d1670b2f289bdf2e557b6c83d895ba18e2f89bc6ece455b5e2f2f38bcb06167c8cc6fb5d063dee1520fd6648

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Network\TransportSecurity~RFe59381d.TMP

Filesize
524B

MD5
89d2c8511a2be245b514b9d8cd236288

SHA1
805bfbb7c735bf9a0b8f1e13571d71c5df51c84f

SHA256
631939ef1da755e6ac5107c63504f31e90b673c77925eb123cdb15b812555233

SHA512
1e80ff0cf704e7daa603bc386d6fd1adf99a1e4adfa003c388ae766d2b478a06908f2e9b14af28968607d1a771c64ca1d435156cd0808ff5179ff203199ea18e

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\WebStorage\1\CacheStorage\index.txt

Filesize
65B

MD5
277a8633f9f8d128f22cdce118c2af9d

SHA1
267ce9c1663897e1c98e514d4b687afc2ab04952

SHA256
21850fdae3611489c80e420b2ae3d9b7c47f4c6ef6317f672f472b06597a2fde

SHA512
cbfbc2e2db54ea135958895772142e8c7d066335180298f573416627500d649f55b9d940b8b391fcc21f76fb8305ca241c99fddefdc48e38e594f4d71e503434

Download Submit
C:\Users\Admin\AppData\Roaming\jessshop-activator-v2-app\WebStorage\1\CacheStorage\index.txt~RFe58f0f3.TMP

Filesize
129B

MD5
61922459d977ab2237a7ca2946a4e146

SHA1
62aa134fbca38d62f2678b7c8a8f375f4736b5d8

SHA256
6abe0e77c4d3630fbe7c554fc290497d165e738df325b363f62bde7d781d935c

SHA512
04065adffdc2238d0bd29112cc41e7b205d91e14a4d0c80480378a80b53742ee1a4f1fbc2083a0d9aa975255002c9ba86ce51ead12596eef57fc9df40497ff4b

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\chrome_100_percent.pak

Filesize
148KB

MD5
cb4f128469cd84711ed1c9c02212c7a8

SHA1
8ae60303be80b74163d5c4132de4a465a1eafc52

SHA256
7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3

SHA512
0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\chrome_200_percent.pak

Filesize
223KB

MD5
e9c1423fe5d139a4c88ba8b107573536

SHA1
46d3efe892044761f19844c4c4b8f9576f9ca43e

SHA256
2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa

SHA512
abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\ffmpeg.dll

Filesize
2.6MB

MD5
b254fba5644b75c0c11d3fc20e994768

SHA1
8a70d0ad2fe3219313635db53015f433252e992f

SHA256
16e9d42c754149dd0f275a022aae857347c9276dac3372ebcd746911a9b45a89

SHA512
64f5721128667ef199449be749533e1de1b39d7113fa3ccfe4d83c5ea2d381b188f988e27b423ee3fb1beb43204179563a5147077bfa069c8d2a689115b8c808

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\libEGL.dll

Filesize
470KB

MD5
08418976fb4b5a7584dfcf8d68bedff0

SHA1
715e6858009673a77bd5c35626fc3e69e0046ecd

SHA256
5e36bbcb31385edce0cbecbf7829eb17b7fee1ed937315ed8239ada9e55aeebe

SHA512
a7b7614020b39192024b1b72613a48fcc699d017da6fbef19ebe918392b9a53b23abafb86ebfb2909bd2ba8303abe9bbfa4cbafec5db05362b880131b73a00f8

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\libGLESv2.dll

Filesize
7.7MB

MD5
f41f64cbb9859f94b1a18e2a53aa7ee9

SHA1
f977c9b33dac2ca67dfa6dc882801e19527a8af8

SHA256
8ecf46ffef76c1ea0b37168bf4d6c7f3311ddb9479d345bd1066aa2466200b24

SHA512
a6982ac2c7d5ec63647ae0238b0dcc80c67b1cb6cacaabbe5c81f47c9de9633fab2d3026eb3f089a7a3932713e91b1347adbae98ca3e29e968668d8946d6eb2b

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\locales\es.pak

Filesize
547KB

MD5
2696cc5ac92dd8a0e1e4b5c9a3a32753

SHA1
93eefacd6ea18c207b048f77bf0d53a7dfc86f03

SHA256
4746786f79756ea842cd76a7d9c6ff8ae5d23e46d8cd40c95052c575b8240e68

SHA512
c1e33a47a4766393a9b980286c79f626baa080c8cd9ea51874b7ee756426af65921bc705071e94fb7a93856efb457b880ceeadbd77543d650c39e64be52dc3ef

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\resources.pak

Filesize
5.3MB

MD5
faaae22be956a82b46d9c6015a115d4c

SHA1
f63bc8823e446aaf10a5b9076f78c9aead4eec70

SHA256
7edd5ba39f47cf404a9f935340cd9b8dbb2525f46cf342e0f4bdd2b4a0d492ef

SHA512
30a07986042a7a8484bc545f2f328d090909ca860f85772a9242cc91ae0395475a571c7f215234b3e24257c628bc3e086649c07429c9e7bbba5039b0480457fd

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\resources\app.asar

Filesize
6.4MB

MD5
de9db93acc4ace0b135f9913bfb206d7

SHA1
660e8f3a7982129877e703e646e5c0508530d0b8

SHA256
639b85f2b67af9c6da7241359dff45cdd841c3c3dfc850fe109be644490c034a

SHA512
ca92620ccb8859563876eb2df05c3c834570ca3ab41e87685266c75ba8aff86f069552fd18aed591afc85315e7807e1c25ba6d3f93fde600e0c785df7393bfbc

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\v8_context_snapshot.bin

Filesize
646KB

MD5
6a4c22553f2cac926f3c3265f7177405

SHA1
f64c571c2e30772bcade211acd8170ab587613c0

SHA256
893c922c9a3173b045e5d0a25397f0db84b42ddc636c76479033642355b275d3

SHA512
3b89bb991843cf21da00ce47fc00a696b36b102e8253836e576ee96e2ac6c2ca40d95efbf1badc35019532476354780f576b4e95c60e7250e9ded8729e683ea1

Download Submit
C:\Users\Admin\Downloads\win-unpacked\win-unpacked\vk_swiftshader.dll

Filesize
5.2MB

MD5
f431481707e31bac8e3f79f87a5d7d32

SHA1
21b4fbdc307e5ee3ae889605bd81e42af3e92ee0

SHA256
247e5f67ec12accb5ff81378ffbc827f8748125c48094a981773501667d565da

SHA512
be1c433c19194020094cd6cc0705946c255f98173b64e0caa40212312346f6b0613b2fbf2d04ee699af6410ff551a3f2e83be4e09f7b814ad17620e597ca5c0c

Download Submit
memory/1780-565-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-564-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-571-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-576-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-575-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-574-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-573-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-572-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-570-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/1780-566-0x00000218F7F70000-0x00000218F7F71000-memory.dmp

Filesize
4KB

Download
memory/2324-415-0x00007FFCE1D80000-0x00007FFCE1D81000-memory.dmp

Filesize
4KB

Download
memory/2324-416-0x00007FFCE1B50000-0x00007FFCE1B51000-memory.dmp

Filesize
4KB

Download