hxxps://wearedevs[.]net/d/JJSploit

Analysis

max time kernel
422s
max time network
421s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/d/JJSploit

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 18 IoCs

pid	Process
3512	JJSploit.exe
2008	JJSploit.exe
5640	JJSploit.exe
6120	WaveInstaller.exe
1484	WaveBootstrapper.exe
3444	WaveWindows.exe
904	node.exe
828	Bloxstrap.exe
4144	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
8568	wave-luau.exe
8196	CefSharp.BrowserSubprocess.exe
8820	wave-luau.exe
6864	CefSharp.BrowserSubprocess.exe
9336	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 64 IoCs

pid	Process
720	MsiExec.exe
720	MsiExec.exe
1484	WaveBootstrapper.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
6864	CefSharp.BrowserSubprocess.exe
6864	CefSharp.BrowserSubprocess.exe
6864	CefSharp.BrowserSubprocess.exe

Checks for any installed AV software in registry 1 TTPs 29 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\ContinueOnStartUp = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\TopMost	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\SecondHash = "\"0ef6b36d5f825db42412b6ec2e5a0733-2\""	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\Session = "Bearer 180cbcbc-d694-4622-a3a5-58df0df6a285"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\ContinueOnStartUp	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\TopMost = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\RefreshRate = "60"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\FontSize = "14"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\FontSize	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\RedirectCompilerError = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\Minimap	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\InlayHints	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\SendCurrentDocument = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\SendCurrentDocument	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\FirstHash	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\FirstHash = "\"30af26a250a07aad89066b8b835ab575-2\""	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\SecondHash	WaveWindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\LastUsername = "MaciTV"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\RedirectCompilerError	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\UsePerformanceMode	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\Minimap = "0"	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\InlayHints = "1"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\Session	WaveWindows.exe
Key queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab	WaveWindows.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\UsePerformanceMode = "0"	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\KasperskyLab\RefreshRate	WaveWindows.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	WaveWindows.exe
File opened (read-only)	\??\O:	WaveWindows.exe
File opened (read-only)	\??\W:	WaveWindows.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	WaveWindows.exe
File opened (read-only)	\??\G:	WaveWindows.exe
File opened (read-only)	\??\J:	WaveWindows.exe
File opened (read-only)	\??\Q:	WaveWindows.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	WaveWindows.exe
File opened (read-only)	\??\L:	WaveWindows.exe
File opened (read-only)	\??\P:	WaveWindows.exe
File opened (read-only)	\??\V:	WaveWindows.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	WaveWindows.exe
File opened (read-only)	\??\Z:	WaveWindows.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	WaveWindows.exe
File opened (read-only)	\??\S:	WaveWindows.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\N:	WaveWindows.exe
File opened (read-only)	\??\Y:	WaveWindows.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	WaveWindows.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	WaveWindows.exe
File opened (read-only)	\??\R:	WaveWindows.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	WaveWindows.exe
File opened (read-only)	\??\K:	WaveWindows.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
157	raw.githubusercontent.com
213	raw.githubusercontent.com
214	raw.githubusercontent.com
215	raw.githubusercontent.com
216	raw.githubusercontent.com
17	raw.githubusercontent.com

Network Service Discovery 1 TTPs 8 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
6272	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
6864	CefSharp.BrowserSubprocess.exe
9336	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\Uninstall JJSploit.lnk	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\JJSploit.exe	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files (x86)\JJSploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe

Drops file in Windows directory 23 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DF30A059B50EDD667E.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF435A16517144CD1D.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{31543371-3E1F-49AD-AC6D-E72F218E3508}	msiexec.exe
File created	C:\Windows\Installer\{31543371-3E1F-49AD-AC6D-E72F218E3508}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e57fd0f.msi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\_platform_specific\win_x86\widevinecdm.dll	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\manifest.json	WaveWindows.exe
File created	C:\Windows\Installer\e57fd0d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{31543371-3E1F-49AD-AC6D-E72F218E3508}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\_metadata\verified_contents.json	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\manifest.fingerprint	WaveWindows.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DF40280724ABD7BE8C.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFDB9.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF73EE0072F5D0ADB2.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\_platform_specific\win_x86\widevinecdm.dll.sig	WaveWindows.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\LICENSE	WaveWindows.exe
File opened for modification	C:\Windows\Installer\e57fd0d.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000b4c6b626f29820b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000b4c6b620000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000b4c6b62000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d0b4c6b62000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000b4c6b6200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675803189565542"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_JJSploit_7.3.0_x86_en-US.msi.zip\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\shell\open\command	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\shell	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\shell\open	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\DefaultIcon	Bloxstrap.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\PackageCode = "19403D63BCD23974184F1D0CF7151CBF"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\PackageName = "JJSploit_7.3.0_x86_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\ = "URL: Roblox Protocol"	Bloxstrap.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\External	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\shell\open	Bloxstrap.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	Bloxstrap.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\Environment = "MainProgram"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Version = "117637120"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\ProductIcon = "C:\\Windows\\Installer\\{31543371-3E1F-49AD-AC6D-E72F218E3508}\\ProductIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_JJSploit_7.3.0_x86_en-US.msi.zip\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\URL Protocol	Bloxstrap.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\Language = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\17334513F1E3DA94CAD67EF212E85380\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\ProductName = "JJSploit"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\shell\open\command	Bloxstrap.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\URL Protocol	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{10D16104-7176-4DF8-B953-A107DD0F0C54}	WaveWindows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\DefaultIcon	Bloxstrap.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player	Bloxstrap.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\roblox-player\shell	Bloxstrap.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\17334513F1E3DA94CAD67EF212E85380\SourceList\Media\1 = ";"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\JJSploit_7.3.0_x86_en-US.msi.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
412	msiexec.exe
412	msiexec.exe
5132	msedge.exe
5132	msedge.exe
3452	msedge.exe
3452	msedge.exe
5652	msedge.exe
5652	msedge.exe
5972	msedgewebview2.exe
5972	msedgewebview2.exe
1612	msedgewebview2.exe
1612	msedgewebview2.exe
2684	msedgewebview2.exe
2684	msedgewebview2.exe
2084	chrome.exe
2084	chrome.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
828	Bloxstrap.exe
828	Bloxstrap.exe
4144	CefSharp.BrowserSubprocess.exe
4144	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6264	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6252	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6244	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
6272	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
8196	CefSharp.BrowserSubprocess.exe
3444	WaveWindows.exe
3444	WaveWindows.exe
6864	CefSharp.BrowserSubprocess.exe
6864	CefSharp.BrowserSubprocess.exe
9336	CefSharp.BrowserSubprocess.exe
9336	CefSharp.BrowserSubprocess.exe
9336	CefSharp.BrowserSubprocess.exe
9336	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
2132	msedgewebview2.exe
5956	msedgewebview2.exe
6032	msedgewebview2.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	1280	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1280	msiexec.exe
Token: SeSecurityPrivilege	412	msiexec.exe
Token: SeCreateTokenPrivilege	1280	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1280	msiexec.exe
Token: SeLockMemoryPrivilege	1280	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1280	msiexec.exe
Token: SeMachineAccountPrivilege	1280	msiexec.exe
Token: SeTcbPrivilege	1280	msiexec.exe
Token: SeSecurityPrivilege	1280	msiexec.exe
Token: SeTakeOwnershipPrivilege	1280	msiexec.exe
Token: SeLoadDriverPrivilege	1280	msiexec.exe
Token: SeSystemProfilePrivilege	1280	msiexec.exe
Token: SeSystemtimePrivilege	1280	msiexec.exe
Token: SeProfSingleProcessPrivilege	1280	msiexec.exe
Token: SeIncBasePriorityPrivilege	1280	msiexec.exe
Token: SeCreatePagefilePrivilege	1280	msiexec.exe
Token: SeCreatePermanentPrivilege	1280	msiexec.exe
Token: SeBackupPrivilege	1280	msiexec.exe
Token: SeRestorePrivilege	1280	msiexec.exe
Token: SeShutdownPrivilege	1280	msiexec.exe
Token: SeDebugPrivilege	1280	msiexec.exe
Token: SeAuditPrivilege	1280	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1280	msiexec.exe
Token: SeChangeNotifyPrivilege	1280	msiexec.exe
Token: SeRemoteShutdownPrivilege	1280	msiexec.exe
Token: SeUndockPrivilege	1280	msiexec.exe
Token: SeSyncAgentPrivilege	1280	msiexec.exe
Token: SeEnableDelegationPrivilege	1280	msiexec.exe
Token: SeManageVolumePrivilege	1280	msiexec.exe
Token: SeImpersonatePrivilege	1280	msiexec.exe
Token: SeCreateGlobalPrivilege	1280	msiexec.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeCreateTokenPrivilege	1280	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1280	msiexec.exe
Token: SeLockMemoryPrivilege	1280	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1280	msiexec.exe
Token: SeMachineAccountPrivilege	1280	msiexec.exe
Token: SeTcbPrivilege	1280	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
1280	msiexec.exe
1280	msiexec.exe
3512	JJSploit.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
2132	msedgewebview2.exe
2132	msedgewebview2.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
828	Bloxstrap.exe
828	Bloxstrap.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
904	node.exe
828	Bloxstrap.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3108	4900	chrome.exe	78
PID 4900 wrote to memory of 3108	4900	chrome.exe	78
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1424	4900	chrome.exe	79
PID 4900 wrote to memory of 1988	4900	chrome.exe	80
PID 4900 wrote to memory of 1988	4900	chrome.exe	80
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81
PID 4900 wrote to memory of 2500	4900	chrome.exe	81

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wearedevs.net/d/JJSploit
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4a80cc40,0x7ffd4a80cc4c,0x7ffd4a80cc58
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4688,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5388,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,2590543769765514753,7761431325725056872,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4784

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_JJSploit_7.3.0_x86_en-US.msi.zip\JJSploit_7.3.0_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1280

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:412
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9E88B57AB5D0E38A363E162198EEF433 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:720
- - C:\Program Files (x86)\JJSploit\JJSploit.exe
    "C:\Program Files (x86)\JJSploit\JJSploit.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:3512
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /C start https://www.youtube.com/@Omnidev_
      4⤵
      System Location Discovery: System Language Discovery
      PID:4772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd33843cb8,0x7ffd33843cc8,0x7ffd33843cd8
        6⤵
        
        PID:2292
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        6⤵
        
        PID:5124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5132
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
        6⤵
        
        PID:5192
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
        6⤵
        
        PID:5352
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        6⤵
        
        PID:5364
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
        6⤵
        
        PID:5668
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
        6⤵
        
        PID:5920
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4637822933580557578,16578067660578247140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
        6⤵
        
        PID:6004
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
      4⤵
      System Location Discovery: System Language Discovery
      PID:4800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
        5⤵
        
        PID:1960
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd33843cb8,0x7ffd33843cc8,0x7ffd33843cd8
        6⤵
        
        PID:652
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,2248483777774237917,6242328804014044102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5652
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3512.3896.10709877520585644792
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:2132
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x1bc,0x7ffd33843cb8,0x7ffd33843cc8,0x7ffd33843cd8
        5⤵
        
        PID:896
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1768,3097883400391081731,10246653424190844462,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1796 /prefetch:2
        5⤵
        
        PID:5960
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,3097883400391081731,10246653424190844462,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1900 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5972
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,3097883400391081731,10246653424190844462,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2340 /prefetch:8
        5⤵
        
        PID:5376
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1768,3097883400391081731,10246653424190844462,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
        5⤵
        
        PID:5688
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3380

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5564

C:\Program Files (x86)\JJSploit\JJSploit.exe
"C:\Program Files (x86)\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2008
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2008.5992.1179469323746018836
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5956
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1d4,0x7ffd33843cb8,0x7ffd33843cc8,0x7ffd33843cd8
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1752,9418489377716467324,12350332320597888855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1780 /prefetch:2
    3⤵
    PID:1184
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,9418489377716467324,12350332320597888855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1952 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1612
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1752,9418489377716467324,12350332320597888855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2412 /prefetch:8
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1752,9418489377716467324,12350332320597888855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
    3⤵
    PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Program Files (x86)\JJSploit\JJSploit.exe
"C:\Program Files (x86)\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5640
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=5640.5560.3981717675791662842
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:6032
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x178,0x7ffd33843cb8,0x7ffd33843cc8,0x7ffd33843cd8
    3⤵
    PID:5364
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1728,17168074986625999475,12739652388571210682,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,17168074986625999475,12739652388571210682,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1864 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2684
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,17168074986625999475,12739652388571210682,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2524 /prefetch:8
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1728,17168074986625999475,12739652388571210682,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
    3⤵
    PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4a80cc40,0x7ffd4a80cc4c,0x7ffd4a80cc58
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1724,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1392,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4732,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3516,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3784,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4404,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5096,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5040,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3304,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5968,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5644,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5132,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5068,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3232,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5140
- C:\Users\Admin\Downloads\WaveInstaller.exe
  "C:\Users\Admin\Downloads\WaveInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6120
- - C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1484
  - - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
      "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      Enumerates connected drives
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:3444
    - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=3444
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
        6⤵
        Executes dropped EXE
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe
        
        "C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave-luau.exe" lsp "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\globalTypes.d.luau" "--definitions=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\wave.d.luau" "--docs=C:\Users\Admin\AppData\Local\Luau Language Server\shared\bin\en-us.json"
        6⤵
        Executes dropped EXE
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
        
        "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6760,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6764 --mojo-platform-channel-handle=6712 /prefetch:2 --host-process-id=3444
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=4580,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=6992 --mojo-platform-channel-handle=3548 /prefetch:8 --host-process-id=3444
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=7176,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7180 --mojo-platform-channel-handle=7172 /prefetch:3 --host-process-id=3444
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=7596,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7600 --mojo-platform-channel-handle=7592 --host-process-id=3444 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=7612,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=7624 --mojo-platform-channel-handle=7604 --host-process-id=3444 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2652,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2668 --mojo-platform-channel-handle=3136 --host-process-id=3444 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --field-trial-handle=8092,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=8088 --mojo-platform-channel-handle=8080 /prefetch:8 --host-process-id=3444
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Wave\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5396,i,3411821788515804420,16500615563004518761,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=5388 --mojo-platform-channel-handle=6968 /prefetch:8 --host-process-id=3444
        5⤵
        Executes dropped EXE
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:9336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6304,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3448,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5160,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3260,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6128,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4832,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5564,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6408,i,15599780192776733657,5707547484568998104,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:8940

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E4
1⤵
PID:5680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57fd0e.rbs

Filesize
22KB

MD5
6f7890e95b738ed38c791ab0a19595e3

SHA1
86b4a17a77c0be2a170025b95c066ff6b2f9830f

SHA256
6cd502b656fe6ab90501eba2936437103b2b5e4d6f3f66c7fccaae5c0e41d05c

SHA512
a294ce4736d13b84a899e2e0f561949b757d53fea9d367e64ffff880bda2b325d04d7402cda2d20913a8c433ca96ba9ac26107ae6ca92a2fcd44ee91483ea70a

Download Submit
C:\Program Files (x86)\JJSploit\JJSploit.exe

Filesize
9.9MB

MD5
9025b1a81a264417aa8aa18a56075f88

SHA1
d3b0c130acd815e9f7430d7f0857b05430420279

SHA256
2a19e43202cef88fdabb63be7811cb4214ed455aeac227ea6a86b19d60a9d14d

SHA512
63ea2d941ba66a30fbd57aee2758129414563e556479ff8e0911c4db0c8d2827ef58750b665e1b630009a730f542f790f771c89c9e5148747b98a4741c334d7c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
2KB

MD5
0cf801f527eef6372e960780fed5bf9f

SHA1
beebc7633bc733a23e40469e0252812879805b8d

SHA256
efe753676f4b368e359e1e32a78f1e70989068a472d5bdc61fc458bd9c80c7af

SHA512
24a15fbbd2ff38b9c93a5a24fe95a2e671d3f15bf553772d8405b3c53db2dabb908fcb94996b01695da1ac6400af7faa5e4dcf364f8d7642fba04a48ea757686

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe57ff40.TMP

Filesize
1KB

MD5
58bb7971f25f461c42d4c69ad3de5b76

SHA1
8d6ecc635243ff9baf96c084a2dfa591602bc51f

SHA256
434e0eee91daeb2f30cddfb28003eaa9d771906989052bc514a2d2aeb25ec285

SHA512
b3f29944b54273c2fa327fe259c359190eb3a759cd6d71193ea8eb5f24bf1862cb704d53ab0010b7767747cd4062a6ccf490f442add5f72061588bc445fde970

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

Filesize
120B

MD5
636492f4af87f25c20bd34a731007d86

SHA1
22a5c237a739ab0df4ff87c9e3d79dbe0c89b56a

SHA256
22a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d

SHA512
cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png

Filesize
20KB

MD5
4f8f43c5d5c2895640ed4fdca39737d5

SHA1
fb46095bdfcab74d61e1171632c25f783ef495fa

SHA256
fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1

SHA512
7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\graphic\[email protected]

Filesize
71KB

MD5
3fec0191b36b9d9448a73ff1a937a1f7

SHA1
bee7d28204245e3088689ac08da18b43eae531ba

SHA256
1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89

SHA512
a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png

Filesize
247B

MD5
81ce54dfd6605840a1bd2f9b0b3f807d

SHA1
4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c

SHA256
0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386

SHA512
57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\configs\DateTimeLocaleConfigs\zh-hans.json

Filesize
2KB

MD5
fb6605abd624d1923aef5f2122b5ae58

SHA1
6e98c0a31fa39c781df33628b55568e095be7d71

SHA256
7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00

SHA512
97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\configs\DateTimeLocaleConfigs\zh-tw.json

Filesize
2KB

MD5
702c9879f2289959ceaa91d3045f28aa

SHA1
775072f139acc8eafb219af355f60b2f57094276

SHA256
a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5

SHA512
815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\sounds\ouch.ogg

Filesize
6KB

MD5
9404c52d6f311da02d65d4320bfebb59

SHA1
0b5b5c2e7c631894953d5828fec06bdf6adba55f

SHA256
c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317

SHA512
22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\Cursors\KeyboardMouse\IBeamCursor.png

Filesize
292B

MD5
464c4983fa06ad6cf235ec6793de5f83

SHA1
8afeb666c8aee7290ab587a2bfb29fc3551669e8

SHA256
99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed

SHA512
f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperFramework\PageNavigation\button_control_next.png

Filesize
1KB

MD5
34a4a4801e02097cef3e46e6b9c67c41

SHA1
2f271ae04352f39bb72c677a16da03f19a51f672

SHA256
7ca0bdacdebc16eace9d67078a5ecbc8d9f6098fad80e0d8c09fb5f708ad389b

SHA512
87a29f06c2539a6df2f043fbee747812f0672a9a6a97df906d8a38b9ede7a7e7ad2a61850888e39ad6b45f422680f4c89cc40c3724b1b4a0312dde8c35ed2a75

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png

Filesize
1KB

MD5
6e8a105456aaf54799b1ae4c90000ff1

SHA1
5a9a277b6ef822caaede13b34c222fb69451c141

SHA256
fac4a9e1c49c9f3fc07dbce40f4648987cf90f4c2ed0a96827630341621e9845

SHA512
8e74329066b3c0c4b8303976cc4207b94ebc7ee38b74dedd490c2006feb53a99a0671e407ec649ec9da6a4d3ddff46bb7150963dfa8254364ab619db9ec3fd54

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetConfig\[email protected]

Filesize
922B

MD5
97788161324392fe1af78ff82b9c953b

SHA1
e9992beba9b73f7a03e7426dbf12fdd219633c4e

SHA256
cf2c4273a398e58620f7f751ab9ccae36da95fbd39055184b4f3cc96393ebadc

SHA512
447fca7cd7249597403de54621bb53663f3e378fa043d439ef1abd4363775d28402c6670d4a06d23381073b7585b30661dbf9aea35eef66ea92c8a2501730266

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\Clear.png

Filesize
538B

MD5
fa8eaf9266c707e151bb20281b3c0988

SHA1
3ca097ad4cd097745d33d386cc2d626ece8cb969

SHA256
8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2

SHA512
e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

Filesize
130B

MD5
521fb651c83453bf42d7432896040e5e

SHA1
8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9

SHA256
630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70

SHA512
8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\TerrainTools\checkbox_square.png

Filesize
985B

MD5
2cb16991a26dc803f43963bdc7571e3f

SHA1
12ad66a51b60eeaed199bc521800f7c763a3bc7b

SHA256
c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646

SHA512
4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\Thumbstick1.png

Filesize
641B

MD5
2cbe38df9a03133ddf11a940c09b49cd

SHA1
6fb5c191ed8ce9495c66b90aaf53662bfe199846

SHA256
0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517

SHA512
dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
e8c88cf5c5ef7ae5ddee2d0e8376b32f

SHA1
77f2a5b11436d247d1acc3bac8edffc99c496839

SHA256
9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd

SHA512
32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
499333dae156bb4c9e9309a4842be4c8

SHA1
d18c4c36bdb297208589dc93715560acaf761c3a

SHA256
d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591

SHA512
91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\Thumbstick2.png

Filesize
738B

MD5
a402aacac8be906bcc07d50669d32061

SHA1
9d75c1afbe9fc482983978cae4c553aa32625640

SHA256
62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102

SHA512
d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
83e9b7823c0a5c4c67a603a734233dec

SHA1
2eaf04ad636bf71afdf73b004d17d366ac6d333e

SHA256
3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067

SHA512
e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]

Filesize
1KB

MD5
55b64987636b9740ab1de7debd1f0b2f

SHA1
96f67222ce7d7748ec968e95a2f6495860f9d9c9

SHA256
f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc

SHA512
73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
850B

MD5
853d3cf1885cca778f58654e199c1057

SHA1
c5b24f922f2386679cd55f7cd340b385b18ae3e6

SHA256
f092276d17e88d6287475338a536a50aff97c0b58aa66b5c016581cc41034a9b

SHA512
94961dca48b4c82cc6765e9bfa89baa857276088dfec2456caea627b6409f014a3e4b0aeda1a4cbef4c84fdae8cf066180b5a29e024cbbb6d98844282e9cad5c

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
972853493edc07f3329c180a488a606a

SHA1
1e1d3ebf8559176310da0de644b99d44790087b5

SHA256
b230f48b0fd301f82cdebafdf5d77d46a6b54295f59c1647c8b28e4b35ea8d72

SHA512
221277590809e814c8e9e5f015fac35e049984585142fff69226165521b29822a83f6385aa1b782f419b2592d1992a5bec48ad5b89ada17eab3031cfacf71dc6

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe5c577e.TMP

Filesize
529B

MD5
4c3a7b5c35e97bc48aa538d06d0a363d

SHA1
2cbc1b89d5db76f41e33ff5122c917ceb6522507

SHA256
438429f60b50fe8e13263948eb3f94f6b728dc40be50fbeedd93954f173a51b4

SHA512
49d13dd7c3a9183b05d5d81b42ba4032b033a917bb869a51cdae05484303a6afccfdd040c55305a9d8c54a5aa41fb96dd102f7723c87309f5c24f293efd0c3ed

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7476b53072467db7bee17ddd7194838e

SHA1
6e5bd209d7567cb97ba5aa2abcf1a04bd4b32220

SHA256
49bb741e01de9ee2977a43c1af7b92d07b7291c20d5fca51001439a43dde80d3

SHA512
a79c62357fb329ab8ca70e18e9c43442a6e575cab0c83f0fa8b9be2071eeb010af0c7747ed67f3a6a9444f35e2ff655fe29980e448ba26f8d3018e03ea4ebb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
40KB

MD5
230ab95d87a717be265134072eb17c25

SHA1
71a3d3dd6f952057ba0c6025d39c9792ff606828

SHA256
3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068

SHA512
9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
40KB

MD5
3901431a1cf953a09fb115f792530d50

SHA1
9d3f7fea615821763849cd320e3c9fe501d9cbda

SHA256
f6495dbf769719aa52f4bd6887e8e84a6565368841249e480143f6bdafeac85d

SHA512
b480791f426899e8c212d327bce05f9e9b9a9efc0ad09f73168103291a236bf72cc6c3c0f4048ad2feaa560a51235e1ef91dd11720cfc273b99f59fbd60ccb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
23KB

MD5
3070b0d3a0854092db26c3ddd2f7b044

SHA1
dcb02d3ca182c85e94fec612e151add71bc5284f

SHA256
bb4d02d2480746bd00ae9e0188a1f262480bdbc866bf3ebf7b84052fec535b58

SHA512
5552400d2b631f9de2c005d201eeb857b95b2d686606195c498e38e6a4296de78045a74bd463866318bef61e3f51f7a559a55fccf460ff6bc7b0f674b6e2810d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
20KB

MD5
907d25397f8c4e45e84e4ce4cf96cc2a

SHA1
30911b4eee9435aae394bdc67c7125a61611d75b

SHA256
da661a4276bdfcd3daa276e06edc45a699acbba604e29d1afbebb89a1178b8d7

SHA512
0dd1ff07099f7f7b13e4c626285c85d798501df96724c43e9b5a284b5e80e0bf8789a80c791129af45e2ce289213e32dc88fea8436f1f5bbd14c07e645be2b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07b8e8f5e5ff414c_0

Filesize
303B

MD5
8f97796fcfa0970ff112daa233a32724

SHA1
4ab5b206888646f14655008dc20facce423fe96a

SHA256
964a208a344a965dcf496542bb20c71b3af1b18c83a3287e135b80f5c81180ad

SHA512
a7add2c2a9644c91955c813ad7ddd0e68e493552a4308dc441ab99d3dec3c9f6b2f61e12003632892d25b62a3ad864e72cb46224687ed601f4c568a1acaaf207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9f31d6ef994d1aa_0

Filesize
54KB

MD5
d1d91ee219021723e7f10b55f75b0e70

SHA1
e61ede21588a6b6f0aa1f296b7965fec08c1dd3b

SHA256
c035672a85b067241656d81e87b9dea8d0572785c5941839de28271a85d8f29b

SHA512
8fc5a8fd5f4ede03453a6b85fac5437f1ea20feed1b50a00cbe88a318374e1a9a1cb8e7704a2639b60fcbfb64d9741feb9d1a5f329adb3793a6953fc047936a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c3f3c6e7f48dbe6b481d8c5899f9af0f

SHA1
ed254215a2dd992ac7f578510bda48e9e729ca9f

SHA256
5065e49ad801cb4a332e47ee15baf37a318d4d45dcfd67819030aa5937834981

SHA512
0a9c54e16bf92785b1ce9189fcde50c55113b5fa906dd0af6ef26f05a89e397a61071c967a05a306c727e4dd032997392ff9fbf84dbbc376db8f2061ce838933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
7723a8a6f8aefff3bb104c428af9e61e

SHA1
945d76028b7a19a10a8729ad2f8c92aeaa5ea8d1

SHA256
6bfb6aade135537b2c3719b04eca2b54c7ed5f32eacec30f48ad0a749cd9e940

SHA512
5472bc3d93c69dcab2806b2c0f18b62300097828d821c895c042d1ae5a1cf34c2325d19d9c87c163be751705bb52f8b897425072d703b41856c09c529b2375a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
10d77dd53683913ee9c74bc8e4629efc

SHA1
b65b0eaa635a3a860dc1bfe308de4015400cf939

SHA256
f70601b2d954fb6d816f776bdc01dbb554449a811884775b8f1e52bb8706ac5d

SHA512
ba02c0bed9c3402c75ac083c595d7457eaa927b0128a45cf5a7b234f9de2b86918266fd63e17695875aabf741a7801d331735c9e923ed2d9e7e2f2ae126f653f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f056aea3a8a014a8dd08c6a4a00aabbb

SHA1
0d9bd0048d29f3585a80931919928a9315c8f729

SHA256
c5b43591244b4b88e4af7365469d439e589be591144fae287299e8e7bee28b1c

SHA512
1abcf930619f2aad624ea17ed17117e8225b7dd4d833b4335a176424883f34b2f59cc439e063d04c6a7427fef67eabc0a59409d299fac186a84561a295530bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ea409bcd3ce166ac6aab945a63652aff

SHA1
cebe8692c3a25429b41344a777c15be3ce00c51d

SHA256
ec795d54764fe0be30e2be691ca74e3a17f3d044a37f05a789f40a302a6a65a0

SHA512
9cd0c6b9651e6b243310d327d919b90eaa62df3b01d063b217c56646f2c89cb05644d58c818730b764a2ec933028ced75b96078ab088202a16be805dc1cc0bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
f387984579c0f60ba602a43b78c6967d

SHA1
92eede0f31b9961d6aaa06555338f5a7834142ec

SHA256
c6fc6f6758c765590ba87f5ceb2c18ee434c3fc5a9ac800971f823c9bc2e70af

SHA512
33ac0d8f5a5d63a1188d6eb1f212de3c0904b9aab5bc8a98833d3116a8948f4cafe3dcbae66e4a90b93998e3e3d00a9f0eb5e05408ad7c1f663f281b466fbe97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
e614b8be10d91caa7e5b0c3518d0ae62

SHA1
5d5d9977cae0a3403305d1a81b92e2c64eacec22

SHA256
fad998a5003aed47265814f3a7a9a7c5f540b8a9768429d5d6f0ce93d5b173d7

SHA512
a6c059c1d3d8203686851c35d4b3d199e001b2b6629565e862c1b555cbecec97cc183d7243bec597440be2d507d78d1ba0a131b3e4d4de515f7f53dbf06eb110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
3e2d786b4fab43f7af3085bd6a3aba4e

SHA1
8ae558ca786a8cd43d27ac6df883f7cef97e2938

SHA256
49e7f4f570fda19013ed075b430ba9bd25a0cfb8f5341fb5933a0195d0d3f116

SHA512
b6863fa56f02b79f4efc9cf314afa20301f1418ab40ddeb586b2f977bba4dcc3218520b6b0b2100903cddc7b6fa7d651371cdb02d79e727e2a91bdba12727acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
d95bce711137fbde8f509585cb501c85

SHA1
b1c636d941e93e2f318dead5c6e71cb0a0648c43

SHA256
05331182f7653295267d3122f00e3598c4f8a89da80289d1e052cdadba435482

SHA512
79de61ad20b29b52fef1fe2ee38ba86202f0b63abc9819f56207492e3f3c22d8982e096fbfbf2b4c9bcc3b378eba2e22218b4a5f0c5af86e2e98afa58287cc8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
a911e8dd9378a4476e8199b358fb792f

SHA1
6a85802390151cb381c6580354ad27ced60aac00

SHA256
0ce85b0e2f8dadf7d4b2e26245ff71e59cbd28a2bed6af94491219ef058162f7

SHA512
1f9007cbb31894d04530f869cc652aed12ad054ae940cd39f35854f3b852468038a752c24cccc291ba222699b737684425ce1c9af0057faf6a36e96cd40b5ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c53f23176a48543165f2d28cf9f387a

SHA1
b497ef828a5f849332df8b269d02788062b536e3

SHA256
203ec3b340db96c4667ea0fd4e7e110abc19f570592ffc3c871309e66c452386

SHA512
e0b20b5de2fd6e55a0cffa25721020d5ec5bc89ea29fc9ca3519dc7536cb275ce928f4506b231788bd992fcb0434ca7ae67960583248c2da363fa548641d8f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d2a564cb04f9a3c437889c5e8c236c2b

SHA1
66acaf1f0cff24051101662b2c51299faf3b5cf4

SHA256
5c61b11af88e86fc3fc0a7afce4435df820166bd5311a374d4be9136211d6d69

SHA512
eb49bc30965dfa03bcdb083c821bc0e6490f0753841087056182dd7b5ac26cf043e58845646f4751e7e7073765a15866167e6035cba840b25bc2088580e25c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ce8d46dbca1007f440fe25715c1c33a

SHA1
a3039df9c2465dd0beac8a616060fb614920ef81

SHA256
c9773044244960730b5950824106e2950c60a7ea3a120f93fd79b0bef87688c6

SHA512
8f3045aaef589d48c34086dd37b1bc0c73ea39934bd7e60be57578ce58448ba46ca9b0e2ed87565be01b63b32667bfef528b4552b9b5e1e9db67866f2d7fd599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65c6f541254e3366335a33c1c675a2c0

SHA1
74c7a0fe4d60c1fdb82b49725aea13002eeb051d

SHA256
02c00a90404525033a12daff2142045aefc4ee03609a3fb24a4d9e6a55f52632

SHA512
e2bb5cd45b40b0d3a07f86e45e26681fdedaa73d4bc2bc9c7a19b38b346e426c1ebfb28292185e5cd5871e106febe8e7a18fb7d4b23440b0fa18be72c965d1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8f8983fa23e95e4143d1753e120d36c

SHA1
cdb28e3ad6203359d90181af027be3e0debebbfd

SHA256
a939de78ea9a82e77477438d59fde07920547cce94b37d78643b53e143ade32c

SHA512
c1ae41093a9ea9945ea2618211162ce3443c8799426b095cd2951ec2384246581bb4bd50eafa5164caf281e25bf0cec13bda9d44216fe8487a34fbabd8a7c950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aedb15b05fa56c49f4e01c7109095a31

SHA1
d40b25232fc5620cc4824341a726b21b6b3f99dd

SHA256
d4b329aeeab0be1789f5b71b9bcee4b5da659c3d099a7e7e67543210305f5844

SHA512
b69e77f4e908ea215334ebeefef44309a06143efc9fcfd48ca72609e1db15cb208512bf6cc16e808045225c7c38834640d4fff7213ed109464b53908dd8a0e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
059a283ca09cf7d52c379c285c2f2be0

SHA1
690f09369ddb5edc825ccb20688b10afa3ac46a1

SHA256
02f6d2ef20e436c6f3430eca7bd1a1f8b8f58d5c2d8bab4e0f69fc782bd6df08

SHA512
98ab63e0dd3c61233e9ff1c780b688ad312984ce033e63062952f72003660a49a66b5d9324ae4010af4d15d0ebb2571f45c0900c89ac206b344aff91d054f292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
897e8dd77510811d01a789f677f9d57a

SHA1
0ff41fff0e1901e1ffb618f46dce491c7d6a22ea

SHA256
ecebaedeb359e4db61ebc0b153acd5f6a6d5bb9d49e92308fabfa0dc4488e874

SHA512
f1f11f47261e9a711df2798436550805e264405442fd11f344a617858723631ac1cb85ac9dced19bf12439d37dbc55821d021719cf88a31e9ece286e80bc7a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dae1c64ce7aad31bf8c9d6a1e9562907

SHA1
0966471350186263894310a267f3abe6bf71ea46

SHA256
3e52100ca5b2e7050a459c75e5be3807ae8548fd48e868d142e4d921aa933447

SHA512
9ce740a41288d78693a20b2d4c2228ee1fa66d12b6da2b192193e520d4f4b8ac54477116729165612166ffb5cd02d36e073592107da351e767b86d3146708bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d2295ff1449792548ecb1c94f845d7b

SHA1
df9f5bed621439968c65acd55a0d4187864740ef

SHA256
581d5a872acb8fcc7bd01f3eaf2f8197f9b908267bfdd969f1bcea480c1a1644

SHA512
8379f4f7e10c098a5a1bf487c4250e5494d6981a1ecbb7045c6d664288676aba5ad8397f335e0df761e315bf819a5aa6eaba83ff15d56fec63ed228fa2340ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e59496069067d323e7b08de555be148e

SHA1
7ba581e452b6b93306b26c50fe2fafd1a46279c3

SHA256
96bd2fb0f66152663e945f1631176ce4604c75ea5df5d18a4563a14ee4b3eb07

SHA512
26175dde273ae32ea4e96f3d534c3a0906a6d19c5139fa806100eff767e577adf134ad9943dbf8536e52166301912c1a61ce9e3d41b81d924d2b1142989e8869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb2a689e14dd6374ed0c139f773ddcdf

SHA1
a40d814c4b45de44e9f37efcb0ca1519295da51a

SHA256
c3109137d7d8700cda80a0cc0ea9fe8bba90827e4d6208f3f027ac118fc475fc

SHA512
af248b72253c1ad7a66b8ee50f4ec65091fbc33b6532b91a67a31867045f7d3be746b4877aece2aca19ccf9ff48e3cc93aac56b27051f93717f25f8f084a4881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31cf78bdb804a994538d5aa682ecc9e8

SHA1
fbccde0867fc12a994f06b56e639ca219c45b507

SHA256
b079304a5b1506f13d957b197d1494088918bbd6df428f78052c716bceeb41db

SHA512
dd82bf64bcaa5f2d7538d0bcf33d0258f25559d3d22783a3d75f67f3568ece2fa6b34655107a9c14ebd024520314075d276c4ce20c4ec26c7a290bf0514d3ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d029123f8a726c390956e9552831fbd

SHA1
b1627eb12142a0919f182355339309b57b0c1c6b

SHA256
cc7998e1ef0327b98538feb0cca291fb3811235902c91af71775ee2ea9a41121

SHA512
ce2da7682901ae88cd689f1d600b090c80eb9a9359beb84d5f967b1d78ddf871e8e750e4a9d21685329dac1a6361b43783777d14ec927c68de7d3efa31559811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
169f398e22a1854028eb4c9108f57e78

SHA1
248d3e8211378b1c8784ddc6b1c61961c6d07f8a

SHA256
437e9bf93d4ca5436dab7267830da48eea0bac6fe3534217ceb13714700d1d75

SHA512
ba5b3dd99ac38cf6aef941610d8bc9dfc9dfb4b0ced0d9f01e6836cd3e5c892c1919adde4b99be386513fa05346d623d3498ca39130ff378676d18bf3239471d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ef2f79fab53d43cdc1efdc4a6a3156c

SHA1
4f03cf8b562af71de098dec95616794887db9922

SHA256
d3bb1c689418c6964317e06e51e705ab561271dbddfea071dda5154d54d2c441

SHA512
71404f59bf083eaefe69a4e65d57ba1a78cff4916b163516c29cc24ccd594f5977cafa580f10f226d2e2470ddf289c966a8a53358a563dc3e5ff943c319f4fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96340ae88a06c7230c7ea759cb576a99

SHA1
c4dfe5eec764121c6f05dd30e3ee11404bc0c3b7

SHA256
1bb9b98ef618fa35fbb78ecb7babcb0490a985d686ef9580e98a96a9f4ba4af5

SHA512
51aac8723eb143e6f50a71613decef4b0182afa557d7f0b623fa557bda5ff59a079ddc8c6c83d43abc5acdb4cd9c4c1514ebe1da6fca56bb0951a25b755823d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2ffde282d8f62d98aa9570860c30a6b

SHA1
b47f800573dedfb78c5f22b678c892fefa10b28c

SHA256
287ef756b8cc46bde694b0277cd73e7090399120ba24eb324f3dcd7de1e3a5e4

SHA512
4c2d4c61f3d67ff6f7c2811ba34eca2eb869d3f150a75d0c7badd714a5cd2c97ca623e58307b0f8894710ed9f42a2df9f6ba50d799e69a1b47f60d98e8429101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3cf76260f0783a2a746d79c0a4e3d20e

SHA1
44b12ff8861b0784fcda505233dc69e4dc5618ed

SHA256
40d1b3e7b7d596906e6905f3b594c0282462300dfef697d9da18f3bff71f1e20

SHA512
663a191d65fcfdb6ce06d0d481c83b01b253d5e05ec5f16e222edab522e6f2827f616b26fa24511de4c9de92887e758a6d618f24012b6fcfe86a1a459162d3c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
739cc849a05697828d91aa8b195058a3

SHA1
363e5c8c199409533a6cefab0eea5bae34ca1057

SHA256
f62415a88bdd4f5479dd3508e6a66db55a1a681e8c16f343978fa1de857d45f9

SHA512
6b49c531cca0e2af6f9c225dd6bfe284f10fee5098294f8dc4fcc0f63d3f46416ed5c7f8d95d68613eb2b7506bc6540291d7b617ac78c4411d7779d658931bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
df0b84ac77fcc56429b9688a92877acd

SHA1
4ad84711ff56192c91258f0f4f6ccccae2be086e

SHA256
6b1b02052ba66b3de055da6415c7014493023f0eed4df2e15c7524ea993a689f

SHA512
178b970f099b07c983f461e7d7199e33a9bf6fb04c339fb3875f5c181fa5a89c05fcbb5c85e7a62592e1b897712ae314114273c81305ce10ec7e41fbbce5cc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c840071e8d555bc942cc8bc9d80891e

SHA1
530ac71e7be0776d05cedb2ead3c7064834605bd

SHA256
25be5817f307d7d0348a5713fe23313933b72dca3aed6e2930bd0383147e16c8

SHA512
9ebfc0c8f7b2cad98467e2b1e0bdb3f0d9da7ca337d0e48b27160f3e8a960ad983acea6efd915b8644a6fb32be0fec6907e111cea68b874de465740e96339098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c7dd58f808e7e87bf43b3a40bcc093b

SHA1
52354eaffa1be4f6d79a06f682cb90f27dbdeab8

SHA256
87700fabd020fbbbb2d6ea4b96411a78c0582051782873921a0c09c269af5eee

SHA512
22ddd8b87fc2e015d28d0074f6db4ade422f5f2255d9a999e182206c5132381f17819c35dbbff8ad90e7167ee316cf6856a3cd2418b76ef3f3481794dba18e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6afa29af0c289202f805f4914562becb

SHA1
78397ed3adcbdd8ec37081c76ebc518679eb9880

SHA256
989c6f78a3aa34c9fe4dcabe3284d54a57ddab00cde450c57a0ae8b2eade2ae9

SHA512
ba35cfd07c48a020ab7847cbe2a643d53dfba715144c9bd13f09055bc07871179f265dfeaf0ebd80263c2f636fc94cfc8923609381ad58917e80ac769eec2c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd5af8f335921f4a566acf5f06d9fba9

SHA1
9cc34e123c8496b4591937c48aa863919c2eb0b2

SHA256
d00b0cc63f2be4e21b0f7bc6773d163bd373997a7b62a28959718c645a830b7f

SHA512
832f8fbee75ee1b5a8bf3d947e650a5e79c7f2c36a4dc2def66dbdcf5f9e6a59ed207fbf415ecf8b288e7961e1c6ab7751041be53bc99b60fd7e7972a3c83f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9afeefa0ff1549961ee800d0c566d7d4

SHA1
d4d369a08e39329a62e4259a941b08b0bc94a45d

SHA256
8a86de2c0aebced6a9562b6c5e74888e24dfa9d76026d86ff09b8e38b012c3c7

SHA512
70e912bf5ccf8be89f9d3bef719728069cb39317d2f747d9f3357cb02b165d7f2b2fc0aa331d46f73f7fe982b70eaa26932b6cdc362b803979d9b6b27efe03bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
081bdd08d0807e59c509a9c7ca5269a6

SHA1
16ead3f1e6549f70b766fe5d248bed375df3099b

SHA256
6e0f7d6f81b81ee4fc8febb543e77914b9fc94beb764223c600e0191960c1657

SHA512
8c7d1e6287230529856c44acacb6a263f5905853bbfd975bc3a37016df9576bd10d2c59d22e157d72cc047c83ad017a4779a547fdcc58816223af4420cc7e7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
924f4390d2e926e4568648ef28944af4

SHA1
338d53c0a61b3b1cb06f314e59c56de67cfb506f

SHA256
e0a075dfc8ee2cca799bca2fcb0d31661185314560e404ec0bf924ec47963727

SHA512
4c0faecaf3e9859056648ba51be66f23590810e927ec0cd530068479c407537f1f34142a029b61795c4ff583b7de6c34f2999ebf16a2a626c237ed393e4f63e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c02460100b4f3deb0f6edcce06333a1

SHA1
4fa1934cb0a1d6c6e39a034b08d298a1ccdb4bb6

SHA256
5dc21ba1e2cd79cb688cce55b83623b022e36771964c4b016d82d032a1f65505

SHA512
d33b1e8a4017d445108ab56d5d70dae5ac3bdf5a2f18c8846ed9826460f2a20385cc6fcb6a791805b18ef52108179666e2a39fea774273bb0d78de6f5b0af022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9175755257c188e1556f2cbad19a5270

SHA1
9caa9ef9f4e9c36b940cd3de5172a69e84b29176

SHA256
4cad1717679874aef22e68c09cf7bee9dd4ccd44de71bb53e2cea5d171959bdb

SHA512
1a917e48f45bd43b4f4942a6f9ffc14fa3675e3491a424dc5416481a38fdac1049cd25371cf175433aa10fa29e9093bdf260842f98c19085eafe6f1eeabf6f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
da791a7d92766a42ceb00619f78ce0b1

SHA1
5e73b3923c823edb545de40206db2ca31a99ac42

SHA256
2c2215216b4589bb4767e6cb730a2e80cebbfcbd8f5f5e89abb62cbc245c4bc9

SHA512
8a842c1fe4094103c16abc404f72b0489ef83efb7a3067433bbddf2e835daf7c4ebf944778325d477661c9f8d1bf6021a7d45234c2f313ac49ad6cde8aa9d6e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ae13ae58efa9854245cfeb152a4cfd5a

SHA1
897a2a8983cff133ed3d85ac24d8e0d40da91f78

SHA256
55d841a09d73b8168676c4137a692b2a27c20cfc7c57154cf2b648e1f3bdec0c

SHA512
7403af9b18ee58b482ebb2c7fcfad586a75b15a3d84286d9e0877eadd80dc3e322b7712feb2bc4d0897f1856bd7982de233cad1e2357f85ced345a508644cc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
702ad3ef28c383aaf927c71366ac0dd4

SHA1
f7a9e2839af5ccaae72e98ef93e6a72641bd2731

SHA256
75db555c4648689d7b02aef60b0f10e7bf23c1fef6f78db1f1f97ca0f1e22b4e

SHA512
8eac8e6880478f894cc90bd9b7057ef974365858487b14d08fe735ee137a05e8d917c1c0d1d2344836450bc88dadcb5ee900849d28250c1502d29c5a03272611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
72ad1bb1c77fea89a8e28d12bdc6b096

SHA1
63fc2616ba07d8e8e988f6b5cf662ffd6aba9e66

SHA256
ca6904f3a422af42a08a7f81f38f30d51ad86a9d76b135fd857275cd08962dc2

SHA512
4070c1946497528cf9674a77e5a4253bf43f8581af2ad072aa7c56f5df614f89782d1470bbf02e83071e33bdb13234be613997dcbfeadd12257ff4b947687574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
f62388768f1a124b66dd1a17414e0fa9

SHA1
6d3ff2c0845504d839fca7091fba555a55a62b4a

SHA256
9169b33ec9788b9feac4ace0831a2f18e4f171e284bb83e9717ab9abed2ae39b

SHA512
8066c31fe310cbf5e801906a82d7675d421b946a74d6b39aaf870c93956eb7787561996112ee59075d2789bd4ae8461875489103ab83c1ef54d39b02c17af816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
005984603a257fc0d756ece6f1f0937e

SHA1
54e3985fb75f659959fd29702b4ab049bd7736a4

SHA256
5b82ecb7e5c601bd57dc99a3247ff760194c2f1d053ac27e357fc9e40a0bf6a6

SHA512
d119224c7415425b621c598cddc2dd76c8b51b4dc1ba1d000358f20fe485ec5aea91225c85d068bcc06871391dc92f5a9eb5b4fda1c26dfd103b8386d6ade160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
98abde00339e7fc0b0b176e6e80f4660

SHA1
42a9327036001ba436a49ddd25409e5652f40b1c

SHA256
b2df96e49a69423e680c23bf7623981231d920a7bd19b601ffcef2c9be6b1a28

SHA512
db08d93f7227780fda905a1fb2efd0ed5988ad46ea75b6dbf836225852c9a061f93589928786a5fc46e924e0e81bf0adedad0976336de0c9e1ec1814f9be42d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
adb359bf3db6ad614a58998a29848f9f

SHA1
7d844d67a4d19dc588464bb74000669972e1d28a

SHA256
e719ac3a3cbcda859e76cdde33b093fa0bcf39eff8f4faebb6e38aba28a1ee5b

SHA512
e7408ad0f44bb04a8dbb7cc322a28937ce803fdbb49bc1476d0c5d75b210551c2db604e25c0c42fdf459e26cddf6bad9de14567080234d8ecea36842c1717775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
62e3cd01b810273f83e2a863eda2d075

SHA1
5a5814739f56c39482a285e101e918e9ad5990b1

SHA256
3ad99bb146e643ac280aab50bc2c85e687a571473b01580af7b7237835d33bce

SHA512
9313ad4de2d0646bb36e8477cfed5a957e08efc92ede2d97c201341908e4f7c0ead9c2916bb6c86d33bc817f991dba73f13f230bd3d059972d96c999e65f498f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa1e2e0f6df7bec82ed6cd5e0ca23292

SHA1
2a90ac37162b607e8130032e96a2daa6ae1bf423

SHA256
4d6ffca80e8c96d40c19b89c8432a73ce2f88da428fb7c1363e5638dd39f9607

SHA512
5d2ff577179894f01949e84be1a0e08cbaaa62d977270f189cf8982efc1b0862f49ec4b625c611ec774b7a09ef49da3ba93b4901d0a34db58df136cfda6c2489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff5dfd3c36f4ffe74343652754d133b9

SHA1
e3629fd9c5570f1049ce215ae4653ed18a1a9ab0

SHA256
2499323f80f676eb97ccaf8083283b0d937ee12e2aee2930437e0b1d0d9a2706

SHA512
48a2c45af98b93c43722961d5a0e373e6c8250d6a5155682ec6111f9e60660be4ddf0e66df6ab23d9c27cf7d22608828d7ab2e573fb2a5e3e2234b4ebe652e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12a2818cd52b862aae76b4938f39ff39

SHA1
6c11ec71cda4797ea9e04f8d1a0d321cb832b2e5

SHA256
4063900768a3461ce6136020cde5e7e379fa624469c2fb79b7cef9a630a701ad

SHA512
d28db0d3af18830a91fb104f8fd999ba6aeb1ed87c50601184da1528a674a86eec9c5029a2bfe92e40802c66553c6184474145c881bb2c6fee34d2a3011ae0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eadd4b9a4a93b0a3f0bf452e00674ec2

SHA1
58390006ee0387e3a25130ee2dc30c35cb49fe59

SHA256
5b89e919cc89a887d2318137bccc9b4ffc8c44e37cffde1a942ddb713f5acb3a

SHA512
f56ef079926ad0d003acc9b877fd76e88f974e9eaf7a187875b0f4343e9bf54aa77b7f0d53d0b4aecc7f9a3aaeaad3a7699378a2f70c47c11b0b9ad092ea0a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
194c41c712081a8c314fc3fabd33cdf5

SHA1
cd8813fc5a33d8b4101d7957871c33344f7f48bf

SHA256
8645c671eaf98190a8a63317fdd4e32dffb79d3b13a905f30f69638b9239371b

SHA512
c34a2aac00bec684eeaee2227978c2c4f4d0b6ea64d3fa928f475598d79be5d1c6767ca1d0efcbff84a10f4ab16b1c19c3055131f64f88fa6135b52868f2c9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
8091dc17fd03a3ce5b34d640dfbc27d5

SHA1
4a9e23c8c4e831d9c7c2e975a272604e70b60b01

SHA256
98e592bdf3ebb98cbb81d4071e854c0d10b5df50acb59763c4dcc9dc29da964d

SHA512
3946b93ccb6f3aeb8295a0eefd6702b4e7ffdf768dcb8bfcbec58c87ba5c4a6bceb6ee42e792b5fdda45d2731887dfa6f2b838b440c74b623ddccdb717d82a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB18.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDE0C.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\7feba148-2a28-419f-8723-2f0220085dec.tmp

Filesize
2KB

MD5
1e7e54a616cd4a938d35cd82ca70de20

SHA1
ff446f7caa2f5c4705f7c46682c643950d9629c4

SHA256
50b99b88eca877e09b4c216049ba24f44ccbef0d978f4e30e1ff4ebde718e3bd

SHA512
c228bde0f52574049814929179fdbc71916b02895ed3c7fea649aa12acfc3d6bc15a5c689c492dbaeefc7f3260892aa53ecd68d8c7f58ca6159b752b76566c11

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
3b05b9b911d75f9336f35a00c78bf7e7

SHA1
95b3428e09aaa5181ff42254011f0b93fc741ffd

SHA256
c44b924478a76fb03e6d41a2202c7fb3f6ca9605a0b9958bc7de6bd98b76c755

SHA512
24fc24328b8f8124306df9973472ae5126664af050a216cc0ddb9d544d3e9883fa2eb81e0c34bf6e7de0c3f3b78e891663c6f62270cb96f976bd8aeb3e9ff855

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
512adc1aa77fc1fe7677f036f2b0e367

SHA1
9a13369f15b1975eb6c4cb176856a707ea99b670

SHA256
8e9acc84b616e73e831885aab03c414fefcd33b22e2b7ddc62161964a7b27f35

SHA512
a8290605f2cc6714e5be5b58cf09198382920e295bb5226722c7adb8dd6ffa93fb20aea5340794b319d88679363e655560969da16637849c45ae82df9eab4cf1

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\91d97ac7-f97b-4a22-9683-fa911f075578.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Media History

Filesize
76KB

MD5
cf7ac318453f6b64b6dc186489ff4593

SHA1
b405c8e0737be8e16a08556757dc817bd02af025

SHA256
634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a

SHA512
b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
0753b5dc2dfb9b8b3e6c55a8ad233c7b

SHA1
fcaa975dee4125f3a72b8242e6f09181aee32fa7

SHA256
43e9b7b80a6b67f9ab8ea8f1da2287569aaf5b78b5ab2e18b3189865c816b23f

SHA512
02992922ca9eb19f0b00db45137fd0d47145e6fa3a8add557302365ef60418e303e369b9f40ca32cb00debc511f2f8c9105df4d1aca580268a2a29b04de6874d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
1cf5fc814110b01395d0ed702f486555

SHA1
a87492786b3d4d832b84bf28a41c49ebb8e452e6

SHA256
789415b0c247cd95ca36cd76cde54feae40c3c647a4ed010212df411ea9156ad

SHA512
440b49db7405e783c712ebc7435a87349d32c858dd33a9fb689da5125687aa2047068072024e7ff7704f6db6a43ee9917d1798b9523416df6ec225cdf7b28a08

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
c815a954066cc1d919de891e1538f505

SHA1
b7f4c0c4a83ec77c7351632205be9d324651d893

SHA256
e88a132d189f308ae68fac882336cf758bbf8bbb21119ff0be2905d8d4090ff2

SHA512
b2b9d13f01d2bd61805dd3399f6cfbda1a668a0619d36260fbf8559df466ae66397c98e35eba03ace5aca295c1af5e622cb5a980dab7dfbcd2012d3d56630886

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
fc84ea34a0f32f930fdf3b85fdab87ef

SHA1
3df597a14ee6f9ffebefedfa2297d879f7590d2f

SHA256
2f77ccef40229e7b452c89821053b646b959e8a2e6d8e5fbdb6d46ce3178a62e

SHA512
7280eed01220c2844c05b53100f2784a0b65aee37f018d6b119f52a5e1e4e63fcca7ebff77eafb53721394ca91129a9fe4790a8895049f1306aaa6be784eaa89

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\LOG

Filesize
307B

MD5
52f694dc215c817b7ba92850d7ae2c81

SHA1
63997bdc2ead6293f69711811b46cd112d69bcf8

SHA256
7d82e3366bddd6f73d70d76ba54493fcb98f26daaaed3773b32d9283d625375d

SHA512
88aee05fceef5068406a69919806c89aade4bb8c1edafe9a83e1675bd57bd0ef40e4a18161b680055e3fadbbd556f828bf066233afa9cba04eb089b522548cbd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Visited Links

Filesize
128KB

MD5
10c072b512dda8e0c40ffbb806d45a62

SHA1
304c7acb12d08eae38856e33e79c5505c386b25b

SHA256
f8712d7e16b751cfe4f24a78fabf812f1cfb592855f609d12f237495459f59b2

SHA512
be31eafbfc7cc10264a67d04b9bfad810e3dd29099e6bb6735e45a8a8ed7a37f3dffc9c6d7d6e28fc58f700dd787446e45af5bc41245d373c3fc325fecb677a9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Web Data

Filesize
110KB

MD5
12aff5c24b1e165da94cc9ddef6d752a

SHA1
345a57b067d6c7561b149b6a7de1d0cf53e42cc9

SHA256
b49ee954c97289b707fcaed55266f7c49720d1c24f4a8872038384155081aabf

SHA512
fd584f3d7e3a5603ff2699e1b4930d6594b0ea09c0a194b7329f44d3d4d2e1e985a42ab512afc1b6a0f35412ef839d35f27fab1f6506e871d74c648c3adb0ae6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
625115236cf725dafccb64a54172b381

SHA1
c65ece8f54e37841da1b1f11205b76872f56e2bf

SHA256
b194b1112f9c6bbe4aece07c5e486f48f00d0d578f202a99d4cd984eb095cc55

SHA512
a5aed763c8d37693c80cc40885431fd2cf5be4d4913a4bfe57fcedb247ee878374cd6d06233d5afde4ebe6ae3ca1f31d4630abf79ba270c2fcbb822dc0fe2867

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
1e5d0915aae1a523d166a01013be27e0

SHA1
571e7a5f50bfa79d5f6f1d88b60699108f98904c

SHA256
82cf24a2fdf9e2a15fe536adc5058d610b1db674014fcd92b857c8e52b4286ca

SHA512
3bbd649b4038c441b479e0767487f3c727ffa622990f8455a39a04710bb6366d7b94a20fe94322f0fcb58ed4933b95f862cb367dbb1d865053eaa435bf5a7589

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\index

Filesize
256KB

MD5
08586df226b1ba37972ccfce9e7ad9f5

SHA1
a40f71e0453f7be54216ac7c6ba3d2b27d2d525b

SHA256
04a3ec2d4f3cb9d126981ca322e5324a784528aa73f32fe628d9a59737f7ec28

SHA512
79b6bc7b3b7046ac524e47c469ac0fbcba2c217d0fac6db0f2d2c324d73e87d0e10b765a7c6645becb81b3f8be14d8846362ebf3c2299d85f4f2d7ced384f8ad

Download Submit
C:\Users\Admin\Downloads\JJSploit_7.3.0_x86_en-US.msi.zip.crdownload

Filesize
5.8MB

MD5
36b34163cd8784cc038b7acd1e808027

SHA1
a2caaba290c7ae37811f56428d9b9406318e390e

SHA256
154ea79390e747de070ecc7451ebdaf9475cae15dc385e0d87ff41988bd96aca

SHA512
679b5d876e292816e3eedd3fc523b4f215662734fba6a5f0b8c1b966c45e74582bed0afe2b2d5c7519799ed9ae3534c7122553a906b5c2a487dc62e24d379eee

Download Submit
C:\Users\Admin\Downloads\JJSploit_7.3.0_x86_en-US.msi.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 691181.crdownload

Filesize
2.3MB

MD5
8ad8b6593c91d7960dad476d6d4af34f

SHA1
0a95f110c8264cde7768a3fd76db5687fda830ea

SHA256
43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

SHA512
09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

Download Submit
C:\Windows\Installer\e57fd0d.msi

Filesize
5.8MB

MD5
9c232fe2ede51929244afc5c67e53b51

SHA1
8e8bb0eda09d25c1f44b8abd66a7e15a414b76f5

SHA256
1985fdbec700334fbb2c907f37a102930744e6b3e9198c25f516eae9f6854e9b

SHA512
d7ba56ed15a4bb482a69543e6bfe11d0aed4bf6b6b037d51dc2d191e1eaae187d1297bbb7c847d73259c34bb9ee26f26f3689c2592b4ff92968101303be61492

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3444_455742990\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
a844e8e68aa524b565e2794a159cab70

SHA1
9313ef0725671a8a8bf4627e3e9fc122d872582a

SHA256
8705678ee75480ff1f327e81004d6097d57fd839b5a9b26846fa4889356bbb6d

SHA512
03461ed8adcc5dbeb2d91068e63b5520ce73a16f622f3bb8487bb5c9d093060dc9600de90409b8db51413afb7b8dd96ffcd5a2392b08d4331ab43b60f366054d

Download Submit
\??\Volume{626b4c0b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2f209170-ce3f-49f8-89a8-2494e7c194dc}_OnDiskSnapshotProp

Filesize
6KB

MD5
3738ce544882f3181da64acc1e46a5c1

SHA1
40ebe971fb9b9983902099d5ef7e80e605b673ac

SHA256
f442827d35c4cd79f547ec454a9b614bbca2d26943d51fb9738d439c6e010d35

SHA512
172f4728d69f4c5753ca564c303103ae3138f72d6c68c64bf8479af80d610a19bf80a58f8be60e295d3a84bdf9cd2f8f2a3a1efc5a3cdbce728e7793e9a086b1

Download Submit
memory/1484-1638-0x0000000009900000-0x000000000990A000-memory.dmp

Filesize
40KB

Download
memory/1484-1639-0x00000000099A0000-0x00000000099BE000-memory.dmp

Filesize
120KB

Download
memory/1484-1634-0x0000000000AF0000-0x0000000000BE2000-memory.dmp

Filesize
968KB

Download
memory/1484-1636-0x00000000089A0000-0x0000000008AA4000-memory.dmp

Filesize
1.0MB

Download
memory/1484-1637-0x00000000098C0000-0x00000000098D6000-memory.dmp

Filesize
88KB

Download
memory/3444-1658-0x000000000B820000-0x000000000B842000-memory.dmp

Filesize
136KB

Download
memory/3444-8768-0x000000000AA00000-0x000000000AA08000-memory.dmp

Filesize
32KB

Download
memory/3444-8782-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8781-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8783-0x00000000063B0000-0x00000000063C0000-memory.dmp

Filesize
64KB

Download
memory/3444-8784-0x0000000011C80000-0x0000000011E08000-memory.dmp

Filesize
1.5MB

Download
memory/3444-8785-0x000000000E910000-0x000000000E920000-memory.dmp

Filesize
64KB

Download
memory/3444-8786-0x000000000E910000-0x000000000E920000-memory.dmp

Filesize
64KB

Download
memory/3444-8793-0x00000000063B0000-0x00000000063C0000-memory.dmp

Filesize
64KB

Download
memory/3444-8792-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8797-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8796-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8795-0x000000000E910000-0x000000000E920000-memory.dmp

Filesize
64KB

Download
memory/3444-8794-0x000000000E910000-0x000000000E920000-memory.dmp

Filesize
64KB

Download
memory/3444-8791-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8790-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8798-0x000000000E910000-0x000000000E920000-memory.dmp

Filesize
64KB

Download
memory/3444-8789-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8799-0x000000000E910000-0x000000000E920000-memory.dmp

Filesize
64KB

Download
memory/3444-8788-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-8787-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-1900-0x0000000006480000-0x00000000064B8000-memory.dmp

Filesize
224KB

Download
memory/3444-8815-0x0000000018630000-0x000000001878B000-memory.dmp

Filesize
1.4MB

Download
memory/3444-8814-0x0000000019460000-0x0000000019546000-memory.dmp

Filesize
920KB

Download
memory/3444-8813-0x0000000009480000-0x00000000094CA000-memory.dmp

Filesize
296KB

Download
memory/3444-8812-0x0000000009400000-0x0000000009424000-memory.dmp

Filesize
144KB

Download
memory/3444-8767-0x000000000B5C0000-0x000000000B626000-memory.dmp

Filesize
408KB

Download
memory/3444-1651-0x0000000005EB0000-0x0000000005F50000-memory.dmp

Filesize
640KB

Download
memory/3444-1659-0x000000000B850000-0x000000000BBA7000-memory.dmp

Filesize
3.3MB

Download
memory/3444-1650-0x0000000000B80000-0x0000000001382000-memory.dmp

Filesize
8.0MB

Download
memory/3444-8780-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-1653-0x0000000009A60000-0x0000000009B12000-memory.dmp

Filesize
712KB

Download
memory/3444-8766-0x0000000006D10000-0x0000000006D4E000-memory.dmp

Filesize
248KB

Download
memory/3444-8779-0x000000000D240000-0x000000000D250000-memory.dmp

Filesize
64KB

Download
memory/3444-1901-0x000000000D7A0000-0x000000000DCCC000-memory.dmp

Filesize
5.2MB

Download
memory/4144-8825-0x0000000004930000-0x0000000004A1A000-memory.dmp

Filesize
936KB

Download
memory/4144-8824-0x0000000000080000-0x0000000000088000-memory.dmp

Filesize
32KB

Download
memory/5960-307-0x00007FFD58090000-0x00007FFD58091000-memory.dmp

Filesize
4KB

Download
memory/6120-1116-0x0000000005A70000-0x0000000005B22000-memory.dmp

Filesize
712KB

Download
memory/6120-1119-0x0000000005B40000-0x0000000005B48000-memory.dmp

Filesize
32KB

Download
memory/6120-1282-0x0000000006C90000-0x0000000006C98000-memory.dmp

Filesize
32KB

Download
memory/6120-1281-0x0000000006C60000-0x0000000006C86000-memory.dmp

Filesize
152KB

Download
memory/6120-1280-0x0000000006BB0000-0x0000000006C46000-memory.dmp

Filesize
600KB

Download
memory/6120-1121-0x000000000A980000-0x000000000A98E000-memory.dmp

Filesize
56KB

Download
memory/6120-1120-0x000000000A9B0000-0x000000000A9E8000-memory.dmp

Filesize
224KB

Download
memory/6120-1286-0x0000000006CC0000-0x0000000006CCA000-memory.dmp

Filesize
40KB

Download
memory/6120-1285-0x0000000006CB0000-0x0000000006CBA000-memory.dmp

Filesize
40KB

Download
memory/6120-1115-0x0000000000DC0000-0x000000000100A000-memory.dmp

Filesize
2.3MB

Download
memory/6120-1117-0x0000000005C50000-0x0000000005CD2000-memory.dmp

Filesize
520KB

Download
memory/6120-1284-0x0000000006CF0000-0x0000000006D62000-memory.dmp

Filesize
456KB

Download
memory/6120-1118-0x0000000005B30000-0x0000000005B38000-memory.dmp

Filesize
32KB

Download
memory/9336-9049-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9046-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9045-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9044-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9047-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9048-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9040-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9038-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9039-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/9336-9050-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download