76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c

Resubmissions

10-11-2024 11:50

241110-nzxzjayrep 8

10-11-2024 11:47

241110-nyb1nswdlq 8

10-11-2024 11:42

241110-nvex6ayqfj 8

Analysis

max time kernel
72s
max time network
183s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Krnl_8.10.8_x64_en-US.msi
Size

5.0MB
MD5

b837d10b9a71425dbf3d62b2cc59f447
SHA1

85c9ba3331f7eb432c28365b0d1f36a201373a72
SHA256

76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
SHA512

f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405
SSDEEP

98304:XPky+agPtUpupDeOds+883iSh79bubjnvmu5/qv4eYb2Tqg9EeYImwqPY6Bvv8m:XPky9GtAcdsENbubzSJb9lyw

Score

8^/10

discovery execution persistence privilege_escalation

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
1832	powershell.exe
1596	powershell.exe
2340	powershell.exe
1596	powershell.exe
2340	powershell.exe
1832	powershell.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
2400	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
492	chrome.exe
492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2400	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2400	msiexec.exe
Token: SeRestorePrivilege	2380	msiexec.exe
Token: SeTakeOwnershipPrivilege	2380	msiexec.exe
Token: SeSecurityPrivilege	2380	msiexec.exe
Token: SeCreateTokenPrivilege	2400	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2400	msiexec.exe
Token: SeLockMemoryPrivilege	2400	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2400	msiexec.exe
Token: SeMachineAccountPrivilege	2400	msiexec.exe
Token: SeTcbPrivilege	2400	msiexec.exe
Token: SeSecurityPrivilege	2400	msiexec.exe
Token: SeTakeOwnershipPrivilege	2400	msiexec.exe
Token: SeLoadDriverPrivilege	2400	msiexec.exe
Token: SeSystemProfilePrivilege	2400	msiexec.exe
Token: SeSystemtimePrivilege	2400	msiexec.exe
Token: SeProfSingleProcessPrivilege	2400	msiexec.exe
Token: SeIncBasePriorityPrivilege	2400	msiexec.exe
Token: SeCreatePagefilePrivilege	2400	msiexec.exe
Token: SeCreatePermanentPrivilege	2400	msiexec.exe
Token: SeBackupPrivilege	2400	msiexec.exe
Token: SeRestorePrivilege	2400	msiexec.exe
Token: SeShutdownPrivilege	2400	msiexec.exe
Token: SeDebugPrivilege	2400	msiexec.exe
Token: SeAuditPrivilege	2400	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2400	msiexec.exe
Token: SeChangeNotifyPrivilege	2400	msiexec.exe
Token: SeRemoteShutdownPrivilege	2400	msiexec.exe
Token: SeUndockPrivilege	2400	msiexec.exe
Token: SeSyncAgentPrivilege	2400	msiexec.exe
Token: SeEnableDelegationPrivilege	2400	msiexec.exe
Token: SeManageVolumePrivilege	2400	msiexec.exe
Token: SeImpersonatePrivilege	2400	msiexec.exe
Token: SeCreateGlobalPrivilege	2400	msiexec.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2400	msiexec.exe
2400	msiexec.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 2732	492	chrome.exe	33
PID 492 wrote to memory of 2732	492	chrome.exe	33
PID 492 wrote to memory of 2732	492	chrome.exe	33
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 1524	492	chrome.exe	35
PID 492 wrote to memory of 2680	492	chrome.exe	36
PID 492 wrote to memory of 2680	492	chrome.exe	36
PID 492 wrote to memory of 2680	492	chrome.exe	36
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37
PID 492 wrote to memory of 2628	492	chrome.exe	37

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2400

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2380
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D096814257240E5FDFF8A47652862428 C
  2⤵
  PID:972
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1596
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F3A75C29E98AC0004E43DA518BD7B727 C
  2⤵
  PID:936
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2340
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AD18916322A543B9FCC2EAF4F5D886E9 C
  2⤵
  PID:924
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ee9758,0x7fef6ee9768,0x7fef6ee9778
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:2
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1316 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2844 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3508 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3528 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2800 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3552 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1428 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3948 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3584 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2528 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3600 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2084 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2332 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1056 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2436 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4332 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3580 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:1
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1156,i,3860546398170664894,9549228961548878082,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Krnl_8.10.8_x64_en-US.msi"
  2⤵
  PID:2144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1504

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2616

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004BC" "00000000000005C0"
1⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ee9758,0x7fef6ee9768,0x7fef6ee9778
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2880 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3760 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1304,i,5856689542309673065,4980654929910620726,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Krnl_8.10.8_x64_en-US.msi"
  2⤵
  PID:2016
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Krnl_8.10.8_x64_en-US.msi"
  2⤵
  PID:2840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1560

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000004BC" "00000000000005F0"
1⤵
PID:2860

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc0
1⤵
PID:1984

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "0000000000000000" "00000000000005A0" "00000000000005C8"
1⤵
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
1KB

MD5
a212f7db5c88b516972d70447954115b

SHA1
1cfb42758f6a3d1af9c06dd0368ec9f17a0d66ca

SHA256
8bb881a0d418a156522e0dffb4a4a820ad20c5b227ae98f964d5be621e3a9158

SHA512
cdb770a67ce26c83e065eb1ede4d36e865100f4c2b79e1659f94d32d02412e5af24efa73e6731ad90c76d07cfab011ef785fd579d8acda2314cc73a914081c06

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
1KB

MD5
6b3cc9869ede43ca231bfe88cd512531

SHA1
d5ba317816ecbea6294b5e29e9e464c9a1f5bf8c

SHA256
ff9ea1b2fed20eb0d02d1d5028cfd66f34fcfe5a113624e1faafb2d7f8f447f6

SHA512
0f2fa804927fd8f69a1d10e0b204637afa714419cb9291751f41244f943c778c2f246cd55642bc1aa7bbc53e8915b2a4c33b96475c63c4725b4a45fc7e1d83f9

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
1KB

MD5
d388ffb11cb872d3a381ac9b2c687d6d

SHA1
93a257481249dcace24703d0933b034a2a8088ed

SHA256
04904af474c7e917dbf353246347671c9a7328d52c7f1b5ab757588fb5ce9a15

SHA512
6b1248b9b8224f10f6b3114264f9a6ab9470c1c42d3cdde386eb7332696be1f6f3328e3368357a458e554325652c6f77a08890a76b868d56c70c850d082923c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\53f41f6c-bc38-49a0-811a-23a387f4e176.tmp

Filesize
168KB

MD5
f3dc2d67c892e1259eb69adce33a71a2

SHA1
9b45e9b7bc2dbce7cfcbb0c402c32c04572bb58c

SHA256
a1214bb0d877f30a5956058bd5a333544220eadad7ac1b8f64216c9597ff4c0f

SHA512
b80272c13a72a1b293b19e83b6dfe3aceaef0278d4a869fbebd476e28a0a01f388d817fc81a3c34d496a99b83c1e00290e624e914137a6758c0903630e73b5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
66b458a927cbc7e3db44b9288dd125cd

SHA1
bca37f9291fdfaf706ea2e91f86936caec472710

SHA256
481bc064a399c309d671b4d25371c9afba388960624d1173221eac16752dea81

SHA512
897fade0ea8f816830aee0e8008868af42619005384e0a89da654ad16102cd5e7a607440bd99f9578cf951390d39f07020054cca74231cdc42a3cffa363d9869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\36510b49-280f-47ed-abcb-bca83ed36cdf.tmp

Filesize
6KB

MD5
523d326a7c33083ab9bbaf8d551045fa

SHA1
c4d05ffa95958428d3bd916000d3fb82930a2abf

SHA256
ed74d664e8c05465162fc3c1a2c451b2c341cb903d02589cc2cb752932d0c509

SHA512
a4e7fcc9681f2e20fd38fa289252e428a8175128afc03a61aab457d602ecc00314a6fcc22a38cd5c3750613589c76ac426e3c5a168731b66e647d4f34d1fb0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\42084d2b-47aa-4561-be27-d0e2a40bb449.tmp

Filesize
7KB

MD5
db5b770bbdc5486ba781e39179fc1c9c

SHA1
442ec18a07f348b99b55115cca55da74d0b95269

SHA256
b2c1ca64220e0b434d2ca099658e6a95db5fb2503f81680551be5d00f0d70c9d

SHA512
af890e5ab8c822b0127cfb0676837028b3e88a431203426423d6ea432ba8781c6cc0e08111e483eb1c66ff0dc2ed6944f05b907504a903ab164b3c13fea2534f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
4484e2f9546fb2f1f0e6372ecb07aab4

SHA1
9aa7cf9941b70efaf142f6ebd94df01da6ebc943

SHA256
9b7506ba35d8de6210f0fc48fc386fe73fc4f2fce76b1a7bf9c51be71ad26086

SHA512
43d354a74862cbd4aa53f990d534bd73538ef508dcd597dfa33401139ed6d90324f03cff878af1ae494e45792a4e15abcc2163c021bb3fab885d65adbbe46d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
34aca0929dd8de0a55fcd762eee31b6b

SHA1
38c24341a3201b4badc04b79b7778b8da8fbb4fb

SHA256
2b4a4e1bff2718145ecdbcd549715d09167d9bca79036930b57513a64976d48e

SHA512
2670193c21ffcf310bfe278e9f202c40815d6bdf519b3e896d14ffa160e35757b7b33f89dba9fb074bf08634e411e061abf618a537f6fbbaf0f94ca19123b881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
20b76a590c184731fb73c3873e45e5c9

SHA1
30686b7334b70e81f96749b61a7cf21bb4b83f76

SHA256
49fbd7699c9cccf87352be2fb8bf3a937bf615f8cffa87afb2c55c594b39cdc0

SHA512
5738cc5c79d0be6fdecb40f57afeb4fbd0bca457eafb45c4a3bada27aafad8f1c33733f524fbcb2048bb4b41faefd8bbe2f922526c941d417a74b4fa021288ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
1e17aae063107f6c196dfee2edef0be0

SHA1
9cc8554fbeeb3df3896daafdb824c417c3eb6bea

SHA256
8bfab000a0b6c7f4131270761007502cf1a05f71ea0d40ce972c78d806ae4984

SHA512
b6dd2b67dd6aadc9d41425758522ddccd2496c12597981cd5bd2384e97bd6689c9d0f5ad3af155c02157822078c93b511f5a011313d15d1ad89435cec2441b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
aa044e9f15cca806f51aad6675a68f3f

SHA1
17c34ef16eaa86139ded65b72bfb0dd63ec4dd3d

SHA256
19b7b1f385cf7674cfb036041c4e82ce014cbb0cc462719f85b54b286b194a1e

SHA512
4ce6b72bb9c5efbea4111ee6c8af0444f0e04b0cedf1a7bc13366c91954c6598cb0f348ded2eb829cd409740b2e2d48408f5c20dc8aa54b41d2af3de2f1ee045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7887e4fa7edc1e70ed7ec0e0f7511bc

SHA1
8b25aa1b40df962a6d64e7f957130e5cd132db39

SHA256
bb7cf7bf1c892fde9aff1b9e1d5aedb1a43de86eda038cac6794ad4497adc2db

SHA512
12de1f9d1bc5aa482b47916ea5da463b83e6995a73d33f17e85d723e68ce53817e0590a07dd7403da6c146b106deaee20213d51e9e732704efdb317afbe8d956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71cc5cd302d32013f47c7233c9054e68

SHA1
3cc08a6a78b775411f5a004ebe81ee79b2d83ff5

SHA256
5c1f9eec23aac8266d13fad95c56dedf22d706805a462a17081839f28fb038ce

SHA512
736911cd68c8807b2106146df076f348357d12e07e4c21d40cde31f81d0d900fe71aba3893c6beabd4d76cd966fa96200126c7b6e2563a7f89aebd0090d94eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b065c20a08ac2b060e78e4fb0efdc464

SHA1
dab3ff24b912950ead16067563d3ddb8958376c2

SHA256
77dc444fc693b66df7d18f2ff2dd6b342fcde1e03aa01af54d41e4b5a58270c7

SHA512
04e61e36d5836edf8a1f287af3cd7f93fcb247d74be121d2fd672c6091833a6ebf00c6badbf539db0a89182ddd07c7c77e7a961dceb75e14aedeecdf5e24d4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b9579ba3da5f280b22c30174383b6c3e

SHA1
d807eac265778f560c4d14bd4cf16f8569c09803

SHA256
6aa35c16d9032985a0b3694e3b2f001c46499c56c736a07462f8920d2a9fa40c

SHA512
c9d96e5c0f8e97d8873dcfdd9062d24a769e7b933062ed82593060c10f8cdc3d1e9b3785617822fbc61303cf958c699b35f45a73b77b7e26d706c4aa4345838d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f5978e8823874c60c81c48b028bc8661

SHA1
dc649ca814dd84cf0d2f2fc75ab8d67ed434d25c

SHA256
e05ea4cd145488564bcb2849076075a5753bb57eff6493642275277fa2a97774

SHA512
72cd0c0f83561bc436f597fb68b095a67326d561860e8d1ff4a3359953bb2bf1ddb99967283d57cbde7c729e84f6f3bed155e8464dd8a121b607ab95f044df61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
692ae31eb67620bde8e9838864f6e649

SHA1
4ae2f2c3f9c9178cdbde392b50251da0f1aa0932

SHA256
cdd08b4a863c95cd20d17d909025510068293ce5fedff50eecb83b4d72ce88fe

SHA512
41eb7e6a84a3043010bed1b7150a82ea0b85ad94f45026e01cecaa9849c8c0ec55580ab18bbb56de700e32c721064bc0c121795054fe70e8271744f98ae3f218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
132B

MD5
18d6b8b3d72b84242eb17a1e40236e3a

SHA1
064b10fcbfef51d4203a55abf3b74a9002d573c6

SHA256
00d3f3fd899c3d7cef47c06ffa4a7d8fe351ef0e77f31f9f726c39e7e235de81

SHA512
d419036843f2ab59ebf7acd5c79502f46705a1ab6c35c2c30fbd1cd12ec382f37e49786a9253717784b4128878e86bd94b991d83d0c8e6a505ea552edfcf7193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
494261af56a306124b361dfc8bfcc64b

SHA1
a1763bcc7f8534c476b400916eafd03211dee9d4

SHA256
09e7225a6123d6974158d0c8bfd9d10d301aa0ee2cbafa21e7c664450d3e4711

SHA512
8527859211a816e02e73ffd83697673ddfb6b0dde63f1402971a906760a18b5dcea8273397b3f46f8fda231a7cdb31a1c4d48defa9f6cf9762c1d19e1a379d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
d53bdfdacd595314a9b8633a5eae615b

SHA1
eb48aa7ad9b90c019a6d8483f39577db0718cc5c

SHA256
b41c360147c4f7f09ff3efd3b01a1822dacd00c83489beaa9581497687aad42d

SHA512
725a8ad2b601b6867ae53853cb702ff528cf4bd6c12fcb2ed5cc17e037c311f9b1480c1b95a49964e8281424ca86d48c18c327c78a936d2dc0fc7274a5f17841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
0f30ecd4bdd8277e540c3dac1c01cbf1

SHA1
b7dabfbcdfbe8114e15cf7f27a4212f54da93da3

SHA256
81fdb6c4e10c576a320a0fe39b0b8678ad084fd520c815d97a83eed68fc4e582

SHA512
f6f33ec994770ba2f1f05a59da2aa46f65573820bbc53f63814ce546867a428f882d2d652e3139af86e2e77b6e6d4c01b7cebfcc5509530e4ed39d84d378bb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
c2d035b54634aa089165a0e8de4d9695

SHA1
ebdd646e56fd7d01ccfb1e0436cc31fbbce1286e

SHA256
8ff200eb1180ea2dc5a30fc0b1061c1a277f6375d4bd7e4a545656cea222c0ab

SHA512
74857698fdfd71e0b19870f621cc93e6f2217e1237469ee5f87167131405326b6922fbb52b35372fa31c1bf2548204da52c47eaeaceda7cc67710c6cf1813615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
17955c6a1bfe62d0dc5fef82ef990a13

SHA1
c4bc3f9ccf3fa9626c9279ecb1a4cbfbf4a0fcf5

SHA256
1cba135964cd409db09911c7cd4699112622596ff633cea868a83c54088c03a7

SHA512
5fb73bb4f7eb1c9e26f34e5d0f310783c7e629e717760ee38731a52a8e3fba6831d77abf0f37631fed820839a00c9242a582e59266de08d3c92c5c4f83c8e7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
b3f6213f0e895fe320408556a507969d

SHA1
e77ba014e18378dcf64452b1f18440b734e6aadc

SHA256
5e659c22a1bf78c28c58af572c0e0ede456c1cae6552982200fa4ccf47a7f5ac

SHA512
bf723bbfb4dd219155167861552806fb9e2873fc72d647dd4df8a994d726ee83f66195b6160dcf3278826d221f9b3b4beecbd47ba719d432db1b41e43ffbbda9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
c057f7a04091dbce611056049803a067

SHA1
307c78ec4e168e1091b707840932c19a922d8ce9

SHA256
665b4f1eb4a68328b908361b04174ca07adf1fec035e5ab6d4e6d0c20738cc10

SHA512
186235d517f5062d30e8c00bd8deb448f5b5abb142b45fd93d7d0ad5948b791b5329fc1e2605250e86ed49a11f5692b5efbb7c2456545a5f535a9766008e3c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
fd1c2a6d315fedc937d08c01446259af

SHA1
17a8fce515591c19d38e9f27b797edd5e591f7a2

SHA256
3c6226f8fa4e5b7ca219a019b93517d6a0448aadf5bd78f3b63dddc332ae1c93

SHA512
8d0e3af13d0bc122eb0ff5cb72996126e0fd90ee5756f99e5bdc0a9addafe17bdb9ab0544254a330fdd1e32fce76d96d794599f95077dbb2a670ca336b7ff9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
de3eb63a7acc32ff66ec7fc2e0c628cd

SHA1
6f9b72d623a6f7d823d44bc093232032df08f7f6

SHA256
7ee21f948494aa3d75d6097fbcd0fdfc2da937319e1a8ac57c3ee04cabf6167b

SHA512
1bf2419e4980fdd265f2a905277795a6128a4f06cfd55d1d628d5d6878316330f607b5cb87a795b79e0ef0677e850d4d045d30f29afdc78648e58c7b22b86cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
fd4852d4277226e31ea951137cfe4174

SHA1
4b533050a0ed49d8ea7da898948243a80c0d324b

SHA256
5b7a5903c929e1aae2ef069fa2402d0efb9c70525e2c806d552bc79b77c2cdc6

SHA512
7a85fa0b293dbfa55c94414d2dba2ac2eabc26836395ca45a0e404e6a2f7bb01bcbca9d2ebb014242e98e68d06411a075975f7ad1e1bd1af871a1efd32c0aed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c461329b-0277-4588-ba73-a8be93d3ba16.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B31.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI3765.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBE64.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\Krnl_8.10.8_x64_en-US.msi

Filesize
5.0MB

MD5
b837d10b9a71425dbf3d62b2cc59f447

SHA1
85c9ba3331f7eb432c28365b0d1f36a201373a72

SHA256
76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c

SHA512
f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405

Download Submit
C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon

Filesize
21KB

MD5
40b4a7ae4c48f9d80263e43964f44697

SHA1
23ecf7ac584fbb374dd38d12028e97272ab04785

SHA256
bca6f5e3fefde9e64faa54219b00ccce98aee181c80bcd42f45b7c0de7dfcb7d

SHA512
e448da9fdf5a56c2c22e8344f39991e21dde2e9bf97fed2850b5edea416623ec00dde13d6c8e5abf9a19c71ebaac4afe28260e7191de45cf260290e20c78178c

Download Submit
\Program Files\JJSploit\JJSploit.exe

Filesize
9.7MB

MD5
d0d04bc3cb9e341925f36736c7730dc5

SHA1
c958e77cd69768e3753835dbfcb66a903b373c21

SHA256
bc360c4a540aad33bcd8a358566bb4e0844ca36138ef36fb5dd8084d36517495

SHA512
2f04c151d57826a89b52f82c6b8c4ae5c0a45b83556c9aa6c45aa520f312d1a0edd2bb36c90c94b5a4967ea1b498634c4673828ef4afbdb63ab0e9d76609b31a

Download Submit
memory/1596-624-0x000000001B7D0000-0x000000001BAB2000-memory.dmp

Filesize
2.9MB

Download
memory/1596-625-0x00000000026F0000-0x00000000026F8000-memory.dmp

Filesize
32KB

Download
memory/1832-1020-0x000000001BC00000-0x000000001BEE2000-memory.dmp

Filesize
2.9MB

Download
memory/1832-1021-0x0000000002340000-0x0000000002348000-memory.dmp

Filesize
32KB

Download
memory/2340-906-0x000000001BB90000-0x000000001BE72000-memory.dmp

Filesize
2.9MB

Download
memory/2340-907-0x0000000002310000-0x0000000002318000-memory.dmp

Filesize
32KB

Download