f1db224af0f14b971ba8be3e33482322b2f821695a4bbe2782b956217da383ad

Resubmissions

30-11-2024 05:05

241130-fq1p3ayken 8

15-11-2024 21:39

241115-1hzs1ssgnf 8

Analysis

max time kernel
63s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_8.10.10_x64_en-US.msi
Size

5.0MB
MD5

8cb1e85b5723e3d186cc1742b6c71122
SHA1

f4638a9849b2bea46c8120930c7727cfae70b4d2
SHA256

f1db224af0f14b971ba8be3e33482322b2f821695a4bbe2782b956217da383ad
SHA512

b447f7b4e6590120ed50eaad798b271e7ebbe52ad61dbe5e621e0c99a6314fbcfd10ce8e6f837a7ca76e1084651c65dcb0eafcdac6cce6eebe2d1729249add5b
SSDEEP

98304:6jmBVvK7NEfE6nal/6r5mzaB325gGiU9fh8ztt8xuvuUnm18uHwCEtFW+VAv8m:srNEfulImzfh8IquKq8uA

Score

8^/10

discovery execution persistence privilege_escalation

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1852	powershell.exe
1492	powershell.exe
1852	powershell.exe
1492	powershell.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File created	C:\Program Files\JJSploit\JJSploit.exe	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\tptool.lua	msiexec.exe
File opened for modification	C:\Program Files\JJSploit\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files\JJSploit\Uninstall JJSploit.lnk	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\f76ce57.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICF31.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f76ce57.msi	msiexec.exe
File created	C:\Windows\Installer\f76ce58.ipi	msiexec.exe
File created	C:\Windows\Installer\{FFBDBA95-DF8A-4611-9643-F1D13013482B}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{FFBDBA95-DF8A-4611-9643-F1D13013482B}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\f76ce5a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76ce58.ipi	msiexec.exe

Loads dropped DLL 7 IoCs

pid	Process
2164	MsiExec.exe
1280	msiexec.exe
1280	msiexec.exe
1200	Process not Found
1200	Process not Found
1200	Process not Found
1200	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
2440	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\Version = "134873098"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\PackageCode = "0711D38297FB7E44E90A08D139DB3056"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\PackageName = "JJSploit_8.10.10_x64_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2\External	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\ProductIcon = "C:\\Windows\\Installer\\{FFBDBA95-DF8A-4611-9643-F1D13013482B}\\ProductIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\59ABDBFFA8FD116469341F1D033184B2\ProductName = "JJSploit"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\59ABDBFFA8FD116469341F1D033184B2\ShortcutsFeature = "MainProgram"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1280	msiexec.exe
1280	msiexec.exe
1852	powershell.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2440	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2440	msiexec.exe
Token: SeRestorePrivilege	1280	msiexec.exe
Token: SeTakeOwnershipPrivilege	1280	msiexec.exe
Token: SeSecurityPrivilege	1280	msiexec.exe
Token: SeCreateTokenPrivilege	2440	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2440	msiexec.exe
Token: SeLockMemoryPrivilege	2440	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2440	msiexec.exe
Token: SeMachineAccountPrivilege	2440	msiexec.exe
Token: SeTcbPrivilege	2440	msiexec.exe
Token: SeSecurityPrivilege	2440	msiexec.exe
Token: SeTakeOwnershipPrivilege	2440	msiexec.exe
Token: SeLoadDriverPrivilege	2440	msiexec.exe
Token: SeSystemProfilePrivilege	2440	msiexec.exe
Token: SeSystemtimePrivilege	2440	msiexec.exe
Token: SeProfSingleProcessPrivilege	2440	msiexec.exe
Token: SeIncBasePriorityPrivilege	2440	msiexec.exe
Token: SeCreatePagefilePrivilege	2440	msiexec.exe
Token: SeCreatePermanentPrivilege	2440	msiexec.exe
Token: SeBackupPrivilege	2440	msiexec.exe
Token: SeRestorePrivilege	2440	msiexec.exe
Token: SeShutdownPrivilege	2440	msiexec.exe
Token: SeDebugPrivilege	2440	msiexec.exe
Token: SeAuditPrivilege	2440	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2440	msiexec.exe
Token: SeChangeNotifyPrivilege	2440	msiexec.exe
Token: SeRemoteShutdownPrivilege	2440	msiexec.exe
Token: SeUndockPrivilege	2440	msiexec.exe
Token: SeSyncAgentPrivilege	2440	msiexec.exe
Token: SeEnableDelegationPrivilege	2440	msiexec.exe
Token: SeManageVolumePrivilege	2440	msiexec.exe
Token: SeImpersonatePrivilege	2440	msiexec.exe
Token: SeCreateGlobalPrivilege	2440	msiexec.exe
Token: SeCreateTokenPrivilege	2440	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2440	msiexec.exe
Token: SeLockMemoryPrivilege	2440	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2440	msiexec.exe
Token: SeMachineAccountPrivilege	2440	msiexec.exe
Token: SeTcbPrivilege	2440	msiexec.exe
Token: SeSecurityPrivilege	2440	msiexec.exe
Token: SeTakeOwnershipPrivilege	2440	msiexec.exe
Token: SeLoadDriverPrivilege	2440	msiexec.exe
Token: SeSystemProfilePrivilege	2440	msiexec.exe
Token: SeSystemtimePrivilege	2440	msiexec.exe
Token: SeProfSingleProcessPrivilege	2440	msiexec.exe
Token: SeIncBasePriorityPrivilege	2440	msiexec.exe
Token: SeCreatePagefilePrivilege	2440	msiexec.exe
Token: SeCreatePermanentPrivilege	2440	msiexec.exe
Token: SeBackupPrivilege	2440	msiexec.exe
Token: SeRestorePrivilege	2440	msiexec.exe
Token: SeShutdownPrivilege	2440	msiexec.exe
Token: SeDebugPrivilege	2440	msiexec.exe
Token: SeAuditPrivilege	2440	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2440	msiexec.exe
Token: SeChangeNotifyPrivilege	2440	msiexec.exe
Token: SeRemoteShutdownPrivilege	2440	msiexec.exe
Token: SeUndockPrivilege	2440	msiexec.exe
Token: SeSyncAgentPrivilege	2440	msiexec.exe
Token: SeEnableDelegationPrivilege	2440	msiexec.exe
Token: SeManageVolumePrivilege	2440	msiexec.exe
Token: SeImpersonatePrivilege	2440	msiexec.exe
Token: SeCreateGlobalPrivilege	2440	msiexec.exe
Token: SeCreateTokenPrivilege	2440	msiexec.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2440	msiexec.exe
2440	msiexec.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 2164	1280	msiexec.exe	31
PID 1280 wrote to memory of 1852	1280	msiexec.exe	36
PID 1280 wrote to memory of 1852	1280	msiexec.exe	36
PID 1280 wrote to memory of 1852	1280	msiexec.exe	36
PID 2580 wrote to memory of 1964	2580	chrome.exe	40
PID 2580 wrote to memory of 1964	2580	chrome.exe	40
PID 2580 wrote to memory of 1964	2580	chrome.exe	40
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 1636	2580	chrome.exe	42
PID 2580 wrote to memory of 2020	2580	chrome.exe	43
PID 2580 wrote to memory of 2020	2580	chrome.exe	43
PID 2580 wrote to memory of 2020	2580	chrome.exe	43
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44
PID 2580 wrote to memory of 692	2580	chrome.exe	44

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.10_x64_en-US.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2440

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2EFCD0A8A4CED9D0C229F1544D5C9103 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D096F8BADD6E49F324DEDD22FCA763DC C
  2⤵
  PID:3856
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1492

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2428

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004C0" "000000000000005C"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ce9758,0x7fef5ce9768,0x7fef5ce9778
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:2
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1312 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3060 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3744 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1896 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1324 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2808 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3920 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3700 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3868 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4316 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4680 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4856 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi"
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1512 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3744 --field-trial-handle=1244,i,5300381911915246776,4780710785278618459,131072 /prefetch:1
  2⤵
  PID:2196

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1676

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000005A4" "0000000000000240"
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Lagswitch\Lagswitch.exe

Filesize
7.3MB

MD5
bfa849cbce84eb01a5b684cf7d5f0fb6

SHA1
e70f52c6b3287e5cd417e0b9fa0ff76c52f2bfa3

SHA256
a82a51d5a8f56aa88dfbf92d5a1098465a0116908dabbd29728b3cb28980f5e1

SHA512
f90656972c8a53edebcc78e423a2a53c4a8e44ced06c76bd3196208f780a4b982a975021eab322beeef61356cf51503c8f322463b98b60a76c15581f5fff6ed4

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
1KB

MD5
bca553963f12fbb7f46273385e65b7ef

SHA1
82565bd303679ed45c884de2a5afba7c967ed4b2

SHA256
074dbf78da20dee0ca1097a572e6e0823f6d5692b12e5a4b9f87a223f4aa1b15

SHA512
d823e2510009aa48eda19f2af9dfc6aef64eeeab2dcfe6f47492353ee2c11fdf80a48c3d111dbaa3ed2553b494077ee1fcfb58d321a34c938e1e27969f2bab6a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\Lagswitch.lnk

Filesize
2KB

MD5
9127b142f6389bf97abd596c8d164d96

SHA1
76352f6ef8138ae96538f8c40f3aa00aaeef309e

SHA256
260e03ec12b9bd5605adda02975551d2bff9796f02962626bf63e4d29b05ac25

SHA512
d3c54eef4d0c6da7ea93702fedad970f6661103222eca83cfd79334baf3332ff67e115ad1fae9d2b1f782a4cb5e9ee65a7f27077097724f27b44d19cc65925a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
239a7862e76919a46d2b486d4bc13242

SHA1
697f3588e57bac964f350c4a9eb80943cbe1acb8

SHA256
bf63463b967001f056c026f086a2ad67319c33a404db42dcbc8ec9414f3dc67b

SHA512
6f2cc7be98908f0ca9ff382744b58f6794edf106bd20822aa331d4fb599fb0797ffe73bbef3df6d9f1574d42c994510e4c494f532731bd23c302f8a403f1931d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9826cc72a32b7a532777d83aa8a36f1f

SHA1
bff4cd45c46df4b1200e3c07586c96cbb5e01132

SHA256
29eadb3fe06f07ccac8c0e4ff5f09871b7aa92e743edec7402e2b0470a333452

SHA512
3f9b6f6fcb4f2460fac6c1ff77e1d0096e626f37aceea574d2717ce5b65cb2cc63d9e734cfbbdcbdbaed8ba9fe6c5ef2df7e08bc87168fb39756f42b51c4d3e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecff020f0453f380753dc88ad4ec2835

SHA1
eee0842f80c04ff81654e0b88d34e5bdfe9cce6e

SHA256
de99e4cc9a32a68e2f3c91f8a12c847f48874e24f720313828e5c92c01c3c85f

SHA512
1f013b8b6b7fd9cd192a718fc96a1462aa3d8caa9adfecadd32164e8423419c88cc659e8b577ba545d177fe4ef39246f3f416f185d900e4b1bba54bd4ee4946d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
456093d0e7e5ef0e346f4b95e5aefab5

SHA1
9ff968f74a5790d7eae9dd1795ffc681a4917a7b

SHA256
4ef8f5baee1925aba8312525b6d4dec132a3bf7b31ea6f756c370a8cc3b285c4

SHA512
622d1f5af6cd1d6fce7f368bce4d282a5c4ec63a03fe315459722bdc4d35a7ad84f75ff58ecd935f9aa0a89cc0c1dd35eb9bfcc290e55b921eeb6c64383986c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4844a7723cbd4a1d27b1265355e9897

SHA1
19064a5c90990ef8e4c000277a54bf5ebb7e2bdc

SHA256
02b40b4ecdde95ca590c4bb2bcfc4bff6795fb48227123281c4b0b0f1a2a19ae

SHA512
a982361418c7d55498322072edb7051bd49f4985ef5a8401f35b1e5c5ea243befc9c388f67b0f3354c5306a1cfdcbd1ef469dc09d116e9ad26a5abe267827453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c2dfb506053326244097055fdb8e37d

SHA1
3c20cb56f65b284584b2319676dcb102e237fa45

SHA256
5242a85a86639325f05a97b498b8e341436416af0eb94ae356508954c50b7e87

SHA512
e97ff1ed83610b3d527e62321c1e7ba5067957d35c27277d712425cf9867d1248c70f85928be36e6877bdcfca504dd8b8057b3fc61a613f37e6cc116aa4b4d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
852cb09fe019c328237cefad2b334ea2

SHA1
4334f658ed0987284654b617f2e268cef33a24e5

SHA256
f73ac06710f2e7ab6ac9842c0b3da2b6d9747027054a05e6348a4065fe054160

SHA512
131ea2b8d0e5cc9d04da20c63b24b721355319af2909785ff7855aac47ccb9f86f196e10c2da2e87915fb4fec6ffa8d83bc43dde63a63cbe1d04adbf31c89960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c66893fa7368a6ba270d30bcff65a21d

SHA1
fb9b257ec80086dfbc149143f880b54c951c11ba

SHA256
b6152cfbffc17ebb825fa22d41f142e351b3f42a221c0f071bce04c5b2b7014e

SHA512
3a5838ef78906b8a81ae1fe02aa805516d1694f9123374df63e39fee072c8fea19e7c5102fa97e0aef186572cbdd2155b704bc7e4e118f032e9e734f0948d186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
171c109516050957892fdc0047a90b3a

SHA1
8798818917d7db3909aef673e2f67cb72bb5e157

SHA256
755f6791bfa6b1ca75def44af06b88f9a5f196809a445af699054e8e145ba237

SHA512
b3e4a99c480f71777418c2ff0f141076a02c47f496a52aeb0316e90b4ba26272469634b55fa9a6ba1558f130ae9c53f081038f8f58f0bcd1d25cbada9ad56cc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e80a167d497f4e9d7b00e27351868d8c

SHA1
5e9288759ce5f5d97862e9c4ef34320e96de2cc9

SHA256
877b841d62c8543fef53f16625e02403b76ecdef9378c090cf39942ad0fd8d09

SHA512
d074e69570a9272b69795f718b6f66024ec63bb06208342750d7c3c13a815030161272e5525589e38bae04e1917e85614e1bdebe9165c517a123d3973aeecc98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
348ca4b7b61ef5d8852ba62ba3bb69c4

SHA1
48e200a4c832154f2414acbf72b8a6d54c621e53

SHA256
41891a93b2701b8d8f60781935737ae635873d095c05de004e0615c3aaeab7c7

SHA512
ebaf89950519d94248f8001ec90dbe74a2fd3924babd4432bec6e11d011f1495927e2677d7606e2bd60a60c15c9d76280a69823aa282378011250fa4c9567af8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
074531d07a7052ba1f540ea5d0b45152

SHA1
f62ca81803718714ee44bdcce395f9e439aea001

SHA256
1bab10373f2ffdd6055cdeaf5b663a705792fcf293daaf5368676fa133f6e59f

SHA512
0548f04cbeeee662146f29ead43552db1f33648837e5319c6e5a8c96211b134e326d8ffaeb4bb8b5a427f1869f40496b32d76a5509eca747271d82c511e9fb75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98f78b54670d5a45a7f61735dbdabd07

SHA1
324b28d6545cc001f7d2b443a42667a53d4466c9

SHA256
7fb5cabe2360c47c7bfc3e8d767c4a4a1009b22c51b53eb541e0cddafc6bd4ec

SHA512
8e63c90e286a29fab70664d79c2b6013e42ca6cd4cbee41f7a930739ee118a6275cec384cf1f8c54ce9f8644e799d322f0c36e673de4afded961f55cb779e710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f64ba3a4e71deaf0fee818709615106d

SHA1
87202a9c1d4de31a46eafb5b1341fdaa03b4546a

SHA256
607f24d7569d9ab7cd8da4902955815de385eb97e884515572d472a16589233c

SHA512
656301fe4dd5f53d84c0ebbbb8be41b13fe3a32594755e90e0b4f99104e28dd5e32b77dbd1b07d9ba07e2489b0a2641c32ed094f1cbf46e12e1e98b5f1ae7a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fde9f9750f77837bacacf1384a2c2679

SHA1
daca6ae9848fd9ae825da3ce37737d82e547ed6d

SHA256
17355b39c157b70c0276f10ea7b60e9119c989244c57013f17a396210f6b66f7

SHA512
0a0deb49b39da5d69299a1fbb162aaebaaa8b0de53677e5e6e520faa4945bf1ea1c6672e7713eb084216f335ac951d2599a4705456c8547e9501360ef2408aeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a879d036477e48ea2d0381461f7ae3d5

SHA1
2c7918ac5e85e10b795ae39cfd2acb387bd4e42d

SHA256
98161d27c4d9bd09244bce89f308ab8583974ed7ab24b3f7be6f50bc45ca855f

SHA512
427dfbe702656388d67f046df38588590acd4bbd53063107f4396838bdef4195a11b1582140629e29fa0660b48077711be1bc1afba4eaf82bd24d9bdd2126bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd2b49f8265079f30ce2a89fd498a70b

SHA1
d5e1605e33554393697c92fae8a87fd5d97e335c

SHA256
737d00a68d6214ab3edef237e336db409e77f6cb9abe556142abda700d3ebcb7

SHA512
456cc119ce1f40397561397a65817a9eba8514dcf39c1eb908fb9d14a2dc157709c752e37f850749234e010b98f1041d485833dde8249c899f7890bc926fedb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d81336728e940fce4f5af2f9b7e0e328

SHA1
1a1aefe2ddf1e71a9ae2393dc8b8e43c13f61dbb

SHA256
90b4821e41b5a26ec14f14d2fc1e6cb8bf8ab7ba2c9bfa9583fce3f25dc11698

SHA512
a445adf589e9f3d4b4d54cd7aa18dc9332b46081f5fbf72599110e56a7fd24e183bee647c55d0c6b45081fc4bd66132504f25292728a75eab1dcd2f8563ba00b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
596bac87bd8b689681c05ccca5ed7d0a

SHA1
66d09a9fa427223ad62a97e90c212430b30f1e76

SHA256
25c34915adeab99c58679f986d51ac0dfa26e50a913c7c6c7c43aa603832da17

SHA512
ad2b6f194dba5204f901819b433f896f7ad61b68a6a6e52c98e235f78e6d7fc677cdeaf651d17c2aa9522cab21e35a22c9ba6d8593b4424aa3220038d88f589f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23a1ca84ed5575293847a4ef8cc9f17c

SHA1
6633215c5c8fd664c606f48a8a2710e18b606c37

SHA256
161c62d44ef44d99c0a3d5d763a501060c9429cb03b856f6b0d70f23829ee686

SHA512
d61466ceee22407b3ad4965bd0b11680b25cb58cb4c2333c96970e55576e9c053a8c63838b2478c81e25ad3b41cf08b9685a5760270d0ad355ebe859716dc931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28703363399aba85ad6f62e6a83f539b

SHA1
5e82bd12aea678f026e87b7fcb538a486effe1be

SHA256
4e5f6dabec90fa1954cff568d6c2eab22adff9ae1010590f509038d1dbce8432

SHA512
b6c94e177fd1b5cf60b4a51290e60ab1640480dcd85e084e33702dd2dcc615843fce77dde023a581cfef4354b3e17262b31b58ceecbd29c1f4151d3682dd9ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
eb11b4a40eeca4495b0fdd6aef8bf0cc

SHA1
2b984c1913a54da7560cf8d523f3b5707375536f

SHA256
21f650e525c63cefe2b672f07fcad33e7ee11ea35e463c2574932af3804b88a6

SHA512
40d3992ea0f65dc8cd451ba1a1353927dcb83cbba0823f8c42acd02f2983c33035258bc0be2e7ff0c0e41502fb0458d83e6d5f6c8030d3a46c4725fdc3f48239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6ad9272b-3066-4119-b95e-0973aadaf9d0.tmp

Filesize
347KB

MD5
b8de628c4d44963efcecad0e09a32e89

SHA1
6a1d3228912c5fe1efdf828e6f214a7d26ca5703

SHA256
ddaa04743dd14e5e6edd59ca4641af40b9c2205700cc950b4200e5058b31f374

SHA512
4225aa8328598502600326b66b8ad545ecc57fd87261274616ddc4feb760bda103c587216998d3f9b97e5c4975b425454196d250dc446eab16bfe0ff3b78699c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1bc88aad-3ce8-4f20-94c0-6f931a896baf.tmp

Filesize
6KB

MD5
f20edc9b71b9d89b2cc505cb7e9e6d96

SHA1
acdbc51ede2d79f5223836d8f55a3e1d19e6f707

SHA256
b91cbd69e002ee6acaaf6a2804c2b9cd589e7e7f67df8c487b5b9bec0b3cdb83

SHA512
3e247368939fba468c4e0cbb7acf24f239845f72ca75f04b744247411bc127578aa62d0f8faab1873e09323c168fa9362d6d73ee6ff6ee9e1db0ae9cf8e2d55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
52KB

MD5
a56466026b5974ac3391ed0f82d235ff

SHA1
af1531bd19d8a6ac88641f730dee6e5b9c1d8f2e

SHA256
bad8fea240094fe8de36725892226ae9afff7b29cc207369c282a14cf5013182

SHA512
4acb69b51b7724fa127dd8d33f4b49baa8be98fd28250b3103fe64ad90740d6784e593ee9afe8236a2a61ef16045e1d1375d1843212601a9963201e2a5cd4689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
130KB

MD5
a83d80b0931ca97ab892f7dd8c2b7a4a

SHA1
52ce59e454d3ce3aca1c365d0ca4d3f7213b47b8

SHA256
e478a93c47427a21fdabe242cbca5fc79c36911ebef992c36b9f9be9399cd018

SHA512
611ed83f2244c278f3a9820a50263bb97ed34a34343a7303a9ff27f013ee87d41b967fbc226c2a893fe4c24fa5e1584d127232971199dfbb4cbbf6cc661d842f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
31KB

MD5
1dbe917c9f1cb2d708bd16fc047f3494

SHA1
ea2ab321e078a960277ab25b8e5adfa4a1bb150b

SHA256
501fa5f1eb93d5503ae2054dd2f2afbf75127306f5f24010a1a2ee0261026b96

SHA512
889c1161d150b03e12125213234dda080b357808c2a28244f5e29f6b5ddbfa8f130ab8410d059d8a11c7ea97acf91b6b8c38dd5d9637c824ef46ae64d57fb7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
144KB

MD5
dacffcda691411231998efe032519dcf

SHA1
a749100ebfceeceb44c5df722c56be0c10a4806f

SHA256
831b0c446916c0b28ea3b87d89e82b7e2ea57bd38ea1cabd4d216d75d5063208

SHA512
dbb0152c86564efd67dea4bc8983ec85be74193470bceb3386f8eb053d15fc621a20339520aa3dfe306d8c621460aec73c00429d49ea4245b6d84ac6be35ba58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
75KB

MD5
b4e9f93adf01677457b681cb3222bd6d

SHA1
d60d5ad3a482a82d463d419990df7258ced55d2b

SHA256
a81846553c090cc06556a57c800140d7a8835c101e945d01237c56907bf6607f

SHA512
6a8e83165869b74f6f5ca2725b2422443afbc71c0bd99bb976c26b7a8f9b6cb7f4797029d6d183e73e77f4231af5fc5c7de85cfb5e27adbaa347c12fcf6902a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
e289d2e9803f4638958b0b5c8145151d

SHA1
01d526196a4814482d2ab7a3725cf8a1ed3d5acf

SHA256
1e3f997dac17c7efebc0c89760d7751fa7d224e20bc8bb91556909392c166563

SHA512
7ce02c1a99198bb9b945107804d29104fbf21042916751f16f9c28c621dff4ffd98ac90331b09d591ff3307cfd109111cdd3c20a3d20acfe080a91f8ec8396ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
20KB

MD5
0fd3b46fd7e5dd422bde5768a83ffdef

SHA1
00bbe47c66179502aba235f9f5c01a0cf2e76051

SHA256
4027d8ff4ab76b54c34765b96344808d7ec72c0d8e1c26060a8a300f2933a72e

SHA512
d63690a50479d19b959ec1e7ec27214a4a53bb2205b9008982ccc68bab93f1cacc7bf788d20476dd9e0d9b12299f66803f5377136da28470dd460c875dbcea2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71848a3da7ea1aa8_0

Filesize
301B

MD5
689e65e18e10320b26613932be84ee09

SHA1
6f147afb6f0e9d6d09efb8991cccef4c293f4348

SHA256
247e196ed17729d27a39b665206b0a80c19b34a14be588bcb160089aa6d2bbfa

SHA512
d2c4287889cc564add7d1c92975fb0f1f80413f89eb23cfd741214f814178ac2b37dfd175b72363e85bb2cd0208e749de14c4fdc63eae4d5e7759f369ed80f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f370bc9ada780f8f668f04f684bae755

SHA1
3b12cdeaf2cb1ce387fe638fc67e2446ce4f74bd

SHA256
693a6e604c2335aabd4ae8d7e949d6facb1b73b8f46f1b2ab2480286fb0bfac8

SHA512
7fb1a4dffc3accbc41cb03ede23899aa3cbd4985380c03d08f29062796608a0fe44ae48b46ed98f1f7a6608493bb214b4c5093da2ea6e58b20e6f8be2beb01d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
251e4e4c1a8f52275b8ab6912b2e26a7

SHA1
3c8e6f3e5dca9a9bbdf1727006d455a7b6b07a14

SHA256
9f9a66bd8ccb469242dd2941712e003cb0a80f993be7bf3688a23ea89e1f7eb8

SHA512
b0439eb6c4f46d4ad4e798518d53d5bb04e0c4093d1eb7b0f7d5e25936b422032c311d194699b343bd3390c7292f1690d9e9325228918fc633bbabe280857e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
32e6f336ef872cdbfc9dc1b3be0bdedc

SHA1
6383a4db06c2c425153580d88f7c146188e80df6

SHA256
6d3a93da515dd0dc362845756b7367795f18dbac0c30b2cc871c257a103e01ee

SHA512
c3f2640b756cf2137716f209b68c99804de351851557fa2046d98912bfb03a1102f6644ad02de405484713e254583cd912e033e427c4d59d86a56fa9bf38c009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c976642b040f4de532007f456ef827fd

SHA1
9f454c1a7d0d72d94ee843cff2c14764160a22bf

SHA256
3717b333d4a12fc9fc19c20f81f081f33d9647c4ca32f16674594c60b768f609

SHA512
ccc811b36fa2cf52f4427251ca0d89fd64840a946cdd0484417ea604e1b641bac6b59590ee6bea3372d8636394414efcbb6373bcb6947c33df1c5864d18f99d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da18432f50da2ff58e4a55f23ef2dada

SHA1
f357587c0260d3dd3a98b9204a0da502b7746832

SHA256
969827250873c3f3c181811046ef5c52162e8b0d3f91a4cd74be6798c6908d28

SHA512
d44e1632cec35ec650b4fe513a1d4a2c04bf4126c799e227717cd4fb9af94212275c0907ccdf4d3f63c7873342f775331ee904455fe7b74ef43d2ce5a764ad56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83a7ae6386b4e7d9f2cc7aca02ae3533

SHA1
a9cb9a0b3e6864ebd3a947342351725bb6d7b594

SHA256
cb123173f343adb5ee18e4c96114cc8d44e05b85ddd61019ede7f345e630bb2b

SHA512
47a2c7e7f0faa299b4b4ff68b4d883558d61c2d06c33bfb0fa6ad199e94c2c921378f2b0fda9589966b7a5c1bdffe5818c35980a878aa45f1436ee3b5af1e788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
d3efd1a55d9e1ef3093691acae293de0

SHA1
29c60b72cc37d37acd423a9c1890c1ff515f1bfb

SHA256
4f7f34966105a664c23a634bc46621449ece78f1207c9555fdaad2093eb6dcc7

SHA512
25f0500eb840dd7ff6ceacac669eec605930e0961eaa203f9d45f81b8b0bffbc4e0ae12fe06eb42a4d0357803c215bfd09838b20e1028a72f5332a6b77223217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9887d6a7589ac55b60d915f7a18f0a2a

SHA1
78d49d3fe9af5b63c4095dad02fdf00aafbbdd61

SHA256
44a44b5fb4b8a9b44f0597b75ab5df1d2f05955183677c0f9feb70c19fc2c7e0

SHA512
aafa4cce168708f32afa1bea01ebcc9d67eb2751b64459cfe752f9ff997d43fe5b7029db3852cf2e0fea761d9d9525fd7fdf645d905c2bb6bc099622f2171b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f10e67b3906bb044861594783a26a668

SHA1
6bbfe1e53e5fe2ccb76463860ab70bdc9e4e3f40

SHA256
b4c5e65891206030149db6b054530db3da26afb60125715b7dc17307235f4c57

SHA512
92f0763b7331d44f76d97e79ce198cb43212d141856cd8259442df757ac40e6c62bae113dad0559ac6db99df122614c727dd9a85138d9fb16fb34a70b11990bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2ca9fdf2e8e80a4cc577d774e1dc016b

SHA1
ebe8ad884f4b1151e57b649fc486e201fe2f4c25

SHA256
d91ff97dfd28e08040b13526e13471d6710edd1afd9b3407d9f2ad6f5fb4fd77

SHA512
85c42f00cd560adb1d176cb474ee0a9e7094065659a11f6ccc1773d75fa4b49050e749a2a4cb8c40baedfba4062dab4554a5e9a6bce09098fe23f755dcbc9672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b4f1a855150dc2fe9ad922a69290b54

SHA1
3b31ac106660933ad1f2d0734133d0954fb12c74

SHA256
67aa37a7dd2d80e0dc5e37c3111cc2926ba40dbd045f5b00c0472053bc458416

SHA512
88ed082902121e455df44a11866ca1f2547a13ee8c02a77860682a71d893cd6b4c2b28174e093f6e376866a074dcacc85170ebcee8ca68ddce8285d2bce3ed0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a89f51dcb8440c94bd4cbb45be89dd9

SHA1
2eb1aff0ad8b4f39503cbee21b8e2bebec291c5b

SHA256
a86dfdf31ac5df8f5ed9ccd18f9896c01ca40162d4c7caed453dea959106d069

SHA512
2cd48e5ef4cb9255614091d3e95c45e875d53b6c088ceca69317cd71183eeffadcdc884779a2129df313ccadbf085a93e0c5756330c5f44578effc4d0716081f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf78259a.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
fb23c0b4dcf3239786f6ceaf19740610

SHA1
3c5657e51941e7642453c6b72a87e8c5b661b071

SHA256
a16a0d274a89e2d8cb1bc8f7a9d9017e7ff9a4aaccf4f2234722042013371ca3

SHA512
7ca730d8d936089d37e706edcc2e6e2579e3e6b5babc52f8d8a340051f1ffbd3a0b238b754050cc6df1266795bae8b0e5574b8124095b1e5c65a87f499e5414a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
8d4b4f4cb0b4acb6d1ee70998c567857

SHA1
e6d803ddb4b8031856a3ee0ec63e429c8be85008

SHA256
094dbf3f2d03174dcb386d489b7f8aa2fbd016741b727d48e325522a038c9aef

SHA512
c0bc738bbbbda38c33cd709602035959e33be8f4ea7d75995ea1c8346ad7c16ce5f7d2d3c1f951ecfdb3564e16c204c564c946aed00e3b60aa2515cc4f1b3dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
c3959b41c36c071117108963b0148bc8

SHA1
91ad286c9c7534a6e20906b24a0e4121435e61e2

SHA256
2d41c917c087b5c9644b610fe7a7cd8108c321b970d6de1241db2e98df7d525c

SHA512
f15e3ecfc942e9c7f772da92b1ed1d1ef96613e8079ee50b2d5b3303f4a5133a6e89122e6297cb838aa7b425fbbecea631c7d2d86ecdd23dd17cb6c998d3b546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
7d215793f036ce8c6d56b75ec0ea61d0

SHA1
b2eddd4397a08c70ad99dc94d52d874ea8d74c20

SHA256
cdd687aca5b7cbf03308e0d41b050b2051b7e7512832a68d597a7a0449ed1b85

SHA512
a69d73139f76ca1fd32b24fc2972115546fb420105be95304e429318149eb2b3de8bc50e841c8c2fe8ab1096b091b89965e00fd07d7a2a579fd03b18d8d6543e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2CAE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIACD3.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2CDF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
94363a9d762fe8c7c528281e22fe2f63

SHA1
2f22c78aafa1a177fca9e07b65704cea24319dcb

SHA256
9e3d06ff8020024c9634c73f4c7f85e14a3bff3a75054bbf14e67562712d7f9f

SHA512
69550075eb4845909c12501bb398d5b3e11f99e5f80dbd8d1409d99a34791e21a29f19b68213ccfffd010d39ac4f18a033ebe2673574a6c0c9f94f2a1d484fba

Download Submit
C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi

Filesize
3.6MB

MD5
88f53f1eef043e3f7b931e0461b52287

SHA1
fbebe0190b08236d2acea5a5b41058f0e301aa03

SHA256
d16a0ff410861d71b3be9b7f84200782f36ee7123c69294395f7d362fd1ae767

SHA512
299170a983d1025d7373dabeb6c2dc498a5db94543e5f38c04bb70cd67cc77bace5a84a7e0d7c5e886fe4b412cbe7000d2a1f287d071b935fa30ef4e40f34ccb

Download Submit
C:\Windows\Installer\f76ce57.msi

Filesize
5.0MB

MD5
8cb1e85b5723e3d186cc1742b6c71122

SHA1
f4638a9849b2bea46c8120930c7727cfae70b4d2

SHA256
f1db224af0f14b971ba8be3e33482322b2f821695a4bbe2782b956217da383ad

SHA512
b447f7b4e6590120ed50eaad798b271e7ebbe52ad61dbe5e621e0c99a6314fbcfd10ce8e6f837a7ca76e1084651c65dcb0eafcdac6cce6eebe2d1729249add5b

Download Submit
\Program Files\JJSploit\JJSploit.exe

Filesize
9.7MB

MD5
8c6a8bfd1adf6ccdfe9b65b514479ec7

SHA1
08f64d25974040ade826f0c79fd638c6a67627c1

SHA256
097eb40a9a1572788272298f48748e80053c9e83f2734387728ea689afc9bfa4

SHA512
8ca0ff01add66e8a5fc7db5cbee09fdf2aeda2026c7787370d6d8831c86b504bd50c587bea8ef32fb57f44ea4d9366d456fa071c30ae85708326529cb2800791

Download Submit
memory/1492-2081-0x000000001BBE0000-0x000000001BEC2000-memory.dmp

Filesize
2.9MB

Download
memory/1492-2082-0x0000000002310000-0x0000000002318000-memory.dmp

Filesize
32KB

Download
memory/1852-59-0x000000001B4B0000-0x000000001B792000-memory.dmp

Filesize
2.9MB

Download
memory/1852-60-0x0000000002A20000-0x0000000002A28000-memory.dmp

Filesize
32KB

Download